Re: AUDIT: copy_from_user is a deathtrap.

Denis Vlasenko (vda@port.imtp.ilyichevsk.odessa.ua)
Wed, 22 May 2002 12:27:14 -0200


On 21 May 2002 04:21, Arnaldo Carvalho de Melo wrote:
> > Oh. Do you think a pair of
> >
> > copy_to_user_or_EINVAL(...)
> > copy_to_user_return_residue(...)
> >
> > will help avoid such bugs?
> > It is possible to audit kernel once, move it to new functions
> > and deprecate/delete old one.
>
> As Linus and others pointed out, copy_{to_from}_user has its uses and will
> stay, but something like:

I don't say 'kill it', I say 'rename it so that its name tells users what
return value to expect'. However, one have to weigh
long_but_easy_to_understand_name() versus cryptcnshrt() here. :-)

I usually vote for long_but_easy_to_understand_name(), but it's MHO only.

> #define copyin(...) (copy_from_user(...) ? -EFAULT : 0)
> #define copyout(...) (copy_to_user(...) ? -EFAULT : 0)

This falls in cryptcnshrt() category.
Will "new programmer" grasp form the name alone that it returns EFAULT?
/me in doubt. OTOH BSD folks may be happy.

--
vda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/