Re: PATCH [bugfix for pipe(2) system call]
Jakub Jelinek (jakub@redhat.com)
Wed, 1 Dec 1999 13:13:18 +0100
On Wed, Dec 01, 1999 at 11:47:18AM +0000, Tigran Aivazian wrote:
> On Wed, 1 Dec 1999, Jakub Jelinek wrote:
> > The difference between __copy* and copy* is in that copy* does verify_area
> > first.
>
> ok, yes, true - I just checked __generic_copy_to_user() on i386. In this
> case, isn't it easier to just verify_area(VERIFY_WRITE, userfd, 2*4)? Why
> bother copying things around? Do verify_area() in the beginning and
> __copy_to_user() later on. But, as you said, the other thread can unmap
> the page with userfd[2]. This makes me think that we should do what
> generic_file_read() does, i.e.it does verify_area() in the beginning and
> lets the actor (file_read_actor) kmap()/kunmap() the page and do
> __copy_to_user(). We could do the same in sys_pipe().
>
> Isn't it better to do that or am I still missing something that you
> clearly explained already?
verify_area on most archs (486+, ...) catches e.g. pipe (0xff000000), but
does not catch pipe (0) nor pipe (0x40000000) (provided those addresses are
not mapped); so that you know that an address is valid for write, you must
do both verify_area and __put_user/__copy_to_user, not only one of these
(put_user/copy_to_user do both).
Cheers,
Jakub
___________________________________________________________________
Jakub Jelinek | jakub@redhat.com | http://sunsite.mff.cuni.cz/~jj
Linux version 2.3.18 on a sparc64 machine (1343.49 BogoMips)
___________________________________________________________________
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/