Re: My last word on copy_to_user

Erik Andersen (andersee@debian.org)
Sat, 24 Jan 1998 00:49:07 -0700


On Sat, Jan 24, 1998 at 12:12:00AM -0600, Michael Elizabeth Chastain wrote:
> Hi guys,
>
> Here is a list of places in 2.1.80 that call copy_to_user and expect
> it to return -EFAULT, or a negative number, on error. These callers
> are wrong.
>
> I think most, or all, of these places will work correctly as long
> as the addresses supplied are valid. In that case copy_to_user
> returns 0 and every caller accepts 0 as a sign of success.
>
[-------------snip-----------------]
> IOCTL_OUT drivers/cdrom/cdrom.c

You are right, this should be better documented. I thought I had been
so careful... Bummer! cdrom.c thinks everything is fine only if
copy_from_user returns 0. This is the Right Thing(tm) I believe, but
then it directly returns whatever non-zero stuff copy_from_user returns.
If indeed copy_to_user returns the number of bits that _didn't_ get
copied, then I suppose I need to change this to do something like:

#define IOCTL_IN(arg, type, in) { \
- int ret=copy_from_user(&in, (type *) arg, sizeof in); \
- if (ret) return ret; }
+ if ( copy_from_user(&in, (type *) arg, sizeof in) ) \
+ return -EFAULT; }
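
Review bot: In the new IOCTL_IN body the macro parameters are used unparenthesized, in `(type *) arg` and `sizeof in`, so an argument that is itself an expression would have the cast or the sizeof bind to only its first operand; writing `(type *)(arg)` and `sizeof(in)` avoids that. The macro is also a bare `{ ... }` block, so a call followed by a semicolon in front of an `else` will not parse as a single statement; wrapping the body in `do { ... } while (0)` fixes that. Mapping any non-zero result to -EFAULT fits the convention discussed in this thread, where the copy routine reports a count of what was not copied rather than an errno.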

Is this the same for copy_to_user as well? Should I change:
#define IOCTL_OUT(arg, type, out) { \
- int ret=copy_to_user((type *) arg, &out, sizeof out); \
- if (ret) return ret; }
+ if ( copy_to_user((type *) arg, &out, sizeof out) ) \
+ return -EFAULT; }
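
Review bot: The `return -EFAULT;` inside IOCTL_OUT exits the calling function from within the macro, and nothing at the definition says so; a comment above the #define should state that the macro returns -EFAULT from the caller whenever copy_to_user gives a non-zero result, so that callers do not invoke it while holding something that still needs releasing. Since copy_to_user can stop partway, the comment could also note that the user buffer at `arg` may already be partly written when -EFAULT comes back.
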
as well?

-Erik

--
Erik B. Andersen   Web:    http://www.inconnect.com/~andersen/ 
                   email:  andersee@debian.org
--This message was written using 73% post-consumer electrons--