Re: Why system call need to copy the date from the userspacebefore using it

From: Benjamin Herrenschmidt
Date: Wed Apr 13 2005 - 06:34:58 EST

Next message: Toralf Lund: "Re: insmod segfault in pci_find_subsys()"
Previous message: Pavel Machek: "Re: 2.6.11 acpi battery state readout as source of keyboard/touchpad troubles"
In reply to: Helge Hafting: "Re: Why system call need to copy the date from the userspace beforeusing it"
Next in thread: Hacksaw: "Re: Why system call need to copy the date from the userspace before using it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2005-04-13 at 12:21 +0800, Tomko wrote:
> Hi all,
>
> I am new to linux , hope someone can help me.
> While i am reading the source code of the linux system call , i find
> that the system call need to call copy_from_user() to copy the data from
> user space to kernel space before using it . Why not use it directly as
> the system call has got the address ? Furthermore , how to distinguish
> between user space and kernel space ?

Well, there are more than one reason. But, in general, you always need
to access user memory using specific accessors, like copy_to/from_user,
get/put_user, etc... Some of these reasons are:

- Userland can give you a bogus pointer. Doing a normal access from the
kernel via a bogus pointer can lead to all sort of funny things, which
you really do not want to happen. What if userland is giving a
destination pointer to the kernel that points to ... the kernel itself
or some of it's data structures ? that would be way to easy for userland
to cause the kernel to crash if the kernel "trusted" pointers from
userland. So one thing those functions do is to check the pointer to see
if it's within valid userland memory bounds

- Even if within valid memory bounds, it may still be bogus, that is
point to a page that is not mapped, or a destination pointer pointing to
a read-only page, or all sort of other fault caused by accessing it.
Those special access functions are designed to "recover" from there
errors. Instead of the kernel crashing/Oops'ing because of the bad
access, the kernel page fault handler will "notice" that the access
comes from one of these special function and will do some black magic so
that instead of crashing, the access function will just return with an
error that can then be passed back to userspace (usually EFAULT).

- Some architectures don't have user and kernel memory mapped at the
same time (think about x86 in 4G/4G mode for example). In that case,
accessing user memory requires some specific memory management tricks
that are architecture specific. Those functions take care of that.

There may even be more I don't have in mind at the moment, but the above
is already enough to justify having specific accessor functions for
kernel code to access userland originated pointers.

Ben.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Toralf Lund: "Re: insmod segfault in pci_find_subsys()"
Previous message: Pavel Machek: "Re: 2.6.11 acpi battery state readout as source of keyboard/touchpad troubles"
In reply to: Helge Hafting: "Re: Why system call need to copy the date from the userspace beforeusing it"
Next in thread: Hacksaw: "Re: Why system call need to copy the date from the userspace before using it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]