Re: Bogus buffer length check in linux-2.6.11 read()

From: Robert Hancock
Date: Tue Mar 15 2005 - 19:05:40 EST

Next message: Kylene Jo Hall: "Re: [PATCH] Add TPM hardware enablement driver"
Previous message: Robert Hancock: "Re: Taking strlen of buffers copied from userspace"
In reply to: Tom Felker: "Re: Bogus buffer length check in linux-2.6.11 read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

linux-os wrote:

The attached file shows that the kernel thinks it's doing
something helpful by checking the length of the input
buffer for a read(). It will return "Bad Address" until
the length is 1632 bytes. Apparently the kernel thinks
1632 is a good length!

Likely because only 1632 bytes of memory is accessible after the start of the buf buffer, and trying to read in more than that results in copy_to_user failing to write some data.

Did anybody consider the overhead necessary to do this
and the fact that the kernel has no way of knowing if
the pointer to the buffer is valid until it actually
does the write. What was wrong with copy_to_user()?
Why is there the additional bogus check?

What additional check?

--
Robert Hancock Saskatoon, SK, Canada
To email, remove "nospam" from hancockr@xxxxxxxxxxxxx
Home Page: http://www.roberthancock.com/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kylene Jo Hall: "Re: [PATCH] Add TPM hardware enablement driver"
Previous message: Robert Hancock: "Re: Taking strlen of buffers copied from userspace"
In reply to: Tom Felker: "Re: Bogus buffer length check in linux-2.6.11 read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]