linux-kernel.vger.kernel.org archive mirror
* Validating Pointers
@ 2001-07-26 15:36 Cress, Andrew R
  2001-07-26 15:45 ` Arnaldo Carvalho de Melo
  0 siblings, 1 reply; 7+ messages in thread
From: Cress, Andrew R @ 2001-07-26 15:36 UTC (permalink / raw)
  To: linux-kernel


Is there a general (correct) kernel subroutine to validate a pointer
received in a routine as input from the outside world?  Is access_ok() a
good one to use?

Andy




* Re: Validating Pointers
  2001-07-26 15:36 Validating Pointers Cress, Andrew R
@ 2001-07-26 15:45 ` Arnaldo Carvalho de Melo
  0 siblings, 0 replies; 7+ messages in thread
From: Arnaldo Carvalho de Melo @ 2001-07-26 15:45 UTC (permalink / raw)
  To: Cress, Andrew R; +Cc: linux-kernel

On Thu, Jul 26, 2001 at 08:36:49AM -0700, Cress, Andrew R wrote:
> 
> Is there a general (correct) kernel subroutine to validate a pointer
> received in a routine as input from the outside world?  Is access_ok() a
> good one to use?

Normally one uses get_user & friends and copy_from_user and friends,
checking their return and returning -EFAULT if they fail.


* Re: Validating Pointers
  2001-07-27  3:19       ` tpepper
@ 2001-07-27  9:47         ` Alan Cox
  0 siblings, 0 replies; 7+ messages in thread
From: Alan Cox @ 2001-07-27  9:47 UTC (permalink / raw)
  To: tpepper; +Cc: Alan Cox, linux-kernel

> 	copy_to_user(user_addr, kernel_addr, size);
> 		and
> 	copy_from_user(kernel_addr, user_addr, size);
> 
> Are you saying that static and dynamically allocated kernel variables end up
> in different segments (kernel_ds and user_ds) and the copy is only expected to
> succeed if the to and from addresses are in the same segment?

User and kernel address spaces are separate. On S/390 and M68K for example
they occupy the same values for both. Long long ago this was done via
segments on x86 (we don't use segments now) and thus the functions to do
what you want are still called set_fs/get_fs/get_ds


* Re: Validating Pointers
  2001-07-26 17:12     ` Alan Cox
@ 2001-07-27  3:19       ` tpepper
  2001-07-27  9:47         ` Alan Cox
  0 siblings, 1 reply; 7+ messages in thread
From: tpepper @ 2001-07-27  3:19 UTC (permalink / raw)
  To: Alan Cox; +Cc: linux-kernel

On Thu 26 Jul at 18:12:57 +0100 alan@lxorguk.ukuu.org.uk done said:
> 
> You can't pass kernel addresses as if they were userspace. It might happen to
> sometimes work on some architectures. Take a look at the set_fs() stuff

Am I?  I thought I was doing a pretty plain user<->kernel copy:

	copy_to_user(user_addr, kernel_addr, size);
		and
	copy_from_user(kernel_addr, user_addr, size);

Are you saying that static and dynamically allocated kernel variables end up
in different segments (kernel_ds and user_ds) and the copy is only expected to
succeed if the to and from addresses are in the same segment?

Tim


* Re: Validating Pointers
  2001-07-26 17:09   ` tpepper
@ 2001-07-26 17:12     ` Alan Cox
  2001-07-27  3:19       ` tpepper
  0 siblings, 1 reply; 7+ messages in thread
From: Alan Cox @ 2001-07-26 17:12 UTC (permalink / raw)
  To: tpepper; +Cc: Alan Cox, linux-kernel

> Should the i386 access_ok() fail when checking a copy to/from userspace
> from/to a static in a driver module?  The __copy_to|from_user work fine
> and copy_to|from_user fail, but I guess that doesn't mean access_ok()
> is the culprit.  I don't know intel assembly and the platforms for
> which I do get the assembly don't do much in access_ok() so there's no
> comparing...but I'd have thought they'd be more concerned with the user
> address location than the kernel one.

You can't pass kernel addresses as if they were userspace. It might happen to
sometimes work on some architectures. Take a look at the set_fs() stuff


* Re: Validating Pointers
  2001-07-26 15:52 ` Alan Cox
@ 2001-07-26 17:09   ` tpepper
  2001-07-26 17:12     ` Alan Cox
  0 siblings, 1 reply; 7+ messages in thread
From: tpepper @ 2001-07-26 17:09 UTC (permalink / raw)
  To: Alan Cox; +Cc: linux-kernel

On Thu 26 Jul at 16:52:48 +0100 alan@lxorguk.ukuu.org.uk done said:
> access_ok may do minimal checks, or no checking at all. The only point at
> which you can validate a user pointer is when you use copy*user and
> get/put_user to access the data.

Should the i386 access_ok() fail when checking a copy to/from userspace
from/to a static in a driver module?  The __copy_to|from_user work fine
and copy_to|from_user fail, but I guess that doesn't mean access_ok()
is the culprit.  I don't know intel assembly and the platforms for
which I do get the assembly don't do much in access_ok() so there's no
comparing...but I'd have thought they'd be more concerned with the user
address location than the kernel one.

t.


* Re: Validating Pointers
       [not found] <no.id>
@ 2001-07-26 15:52 ` Alan Cox
  2001-07-26 17:09   ` tpepper
  0 siblings, 1 reply; 7+ messages in thread
From: Alan Cox @ 2001-07-26 15:52 UTC (permalink / raw)
  To: Cress, Andrew R; +Cc: linux-kernel

> Is there a general (correct) kernel subroutine to validate a pointer
> received in a routine as input from the outside world?  Is access_ok() a
> good one to use?

access_ok may do minimal checks, or no checking at all. The only point at
which you can validate a user pointer is when you use copy*user and
get/put_user to access the data.
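
Added example, not part of the original thread and not kernel source: a userspace C model of the behaviour the replies describe, where the range check passes for an unmapped user address, the fault only shows up during the copy, and a kernel address handed to the checked copy is rejected while the unchecked copy goes through. All model_* names and the toy 64-byte flat address space are assumptions made for illustration.

```c
/* Userspace model (constructed): not kernel code. All model_* names are hypothetical. */
#include <errno.h>
#include <stddef.h>

#define PAGE       16
#define USER_LIMIT 48                      /* offsets below this are "user" addresses */
static unsigned char mem[64];              /* toy address space: 3 user pages + 1 kernel page */
static const int mapped[4] = {1, 0, 1, 1}; /* user page 1 is not mapped */

/* Range check only, like access_ok(): it cannot tell whether a page is mapped. */
static int model_access_ok(size_t addr, size_t n)
{
    return n <= USER_LIMIT && addr <= USER_LIMIT - n;
}

/* Like __copy_from_user(): no range check; a fault is detected only while
 * touching the data. Returns the number of bytes NOT copied. */
static size_t model_raw_copy_from_user(unsigned char *dst, size_t src, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        size_t a = src + i;
        if (a >= sizeof(mem) || !mapped[a / PAGE])
            break;                         /* "page fault": stop, report the remainder */
        dst[i] = mem[a];
    }
    return n - i;
}

/* Like copy_from_user(): range check first, then the faulting copy. */
static size_t model_copy_from_user(unsigned char *dst, size_t src, size_t n)
{
    if (!model_access_ok(src, n))
        return n;                          /* kernel address passed as a user pointer */
    return model_raw_copy_from_user(dst, src, n);
}

/* Caller pattern from the thread: check the return value, fail with -EFAULT. */
int model_read_arg(unsigned char *kbuf, size_t uaddr, size_t n)
{
    return model_copy_from_user(kbuf, uaddr, n) ? -EFAULT : 0;
}
```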

