The other point that I want to mention is that I don't
think that there is any guarantee that the user space
structure will be locked in memory. There is every
likely hood of the page being swapped out.
Correct me if I am wrong.
Thanks,
Vinay
--- Vinay Venkataraghavan <[email protected]>
wrote:
>
>
> > > > > Secondly, they seem to use memcpy as opposed
> > to using
> > > > > copy_to_user/copy_from_user which is also
> very
> > > > > dangerous.
> > > >
> > > > If they are grabbing data from user context
> into
> > kernel (or vise versa)
> > > > that could easily cause an oops. Not to
> mention
> > it is a security risk.
> > >
> > > Not to mention it simply won't work on a many
> > platforms, no matter what...
> >
> > Hmm, I've only worked with a few platforms (i386,
> > x86_64, ppc, mips, and
> > a little arm but I don't remember that much). I
> > believe that a memcpy
> > could work on all these platforms (error prone of
> > course, but if the
> > memory is mapped its OK).
>
> When entering a system
> > call, the kernel still
> > has access to the memory locations assigned to the
> > user.
> >
>
> But this is not always the case right. The point
> that
> you mention above is specifically why I posted this
> question. It could well be the case that the user
> space page could be swapped out when the user space
> process is blocked. So when the ioctl is serviced in
> kernel space, there is no guarantee that the page is
> still mapped. This could cause a page fault.
> I think this is why we need to do a
> copy_to_user/copy_from_user.
>
> The piece of code that I am talking about is part of
> a
> driver code. Unfortunately I am not at liberty to
> divulge the name of the company. So in the driver
> then
> are not using copy_to_user and copy_from_user. That
> is
> what puzzles me. Moreover, where they are using
> these
> functions they use memcpy which is a big security
> risk.
>
> Thanks once again.
> Vinay
>
>
>
>
> __________________________________________
> Yahoo! DSL ? Something to write home about.
> Just $16.99/mo. or less.
> dsl.yahoo.com
>
>
__________________________________________
Yahoo! DSL ? Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]