Re: AUDIT: copy_from_user is a deathtrap.
Denis Vlasenko (vda@port.imtp.ilyichevsk.odessa.ua)
Tue, 21 May 2002 08:57:28 -0200
On 20 May 2002 13:22, you wrote:
> > Can you tell me what's wrong with copy_from_user? How did you used it
> > wrongly?
>
> Denis, I agree with the essense of Rusty's argument, which is that
> copy_to_user is easy to misuse in the following way:
>
> xxx_ioctl (..., cmd, arg) {
> return copy_to_user(....);
> }
>
> Since copy_to_user returns a number of residue bytes instead of
> -EINVAL, such statement confuses the caller.
> Rusty found something about 54 instances of this.
Oh. Do you think a pair of
copy_to_user_or_EINVAL(...)
copy_to_user_return_residue(...)
will help avoid such bugs?
It is possible to audit kernel once, move it to new functions
and deprecate/delete old one.
--
vda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/