linux-kernel.vger.kernel.org archive mirror
From: Rusty Russell <rusty@rustcorp.com.au>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: torvalds@transmeta.com (Linus Torvalds),
	akpm@zip.com.au (Andrew Morton),
	rusty@rustcorp.com.au (Rusty Russell),
	linux-kernel@vger.kernel.org
Subject: Re: AUDIT: copy_from_user is a deathtrap.
Date: Thu, 23 May 2002 13:54:16 +1000
Message-ID: <E17Ajg8-0005mi-00@wagner.rustcorp.com.au>
In-Reply-To: Your message of "Wed, 22 May 2002 15:54:33 +0100." <E17AXVZ-0001up-00@the-village.bc.nu>

In message <E17AXVZ-0001up-00@the-village.bc.nu> you write:
> What it seems to say is that if an error
> is reported then no data got written down the actual pipe itself. Putting
> 4K into the pipe then reporting Esomething is not allowed. Copying 4K into
> a buffer faulting and erroring with Efoo then throwing away the buffer is
> allowed

Hmmm... then no one is compliant AFAICT.  Test program attached, which
mprotects 100th page and tries to write 100 pages (interestingly, most
OS's optimize writes to /dev/null, and always "succeed"):

OS           Empty file       6 byte file              Pipe
             Return  Size     Return  Size   Valid     Return  Size

AIX          EFAULT  99P      EFAULT  99P+6  99P+6     EFAULT  97P
Linux (x86)  99P     100P     99P-6   100P   99P-2     99P     99P
Solaris      98P     98P      99P-6   99P    99P       EFAULT  98.75P

Key:	Return = return value or error code if -1
	Size = resulting file size
	Valid = bytes written which were actually those requested
	P = * PAGE_SIZE

Summary: this is undefined behaviour, so I believe that we should do
the simplest thing possible inside the kernel.  I believe the simplest
thing we can do is have the trap handler deliver SIGSEGV to the
process, zero fill the region, and always return "success" to the
caller.  None of the callers need then care.

Rusty.
--
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.

/* Test for write from partially unmapped area.
   Aligned output:	./test-write > /tmp/out
   Unaligned output:	echo hello > /tmp/out && ./test-write >> /tmp/out
			(Note: check output with od -x /tmp/out)
   Pipe:		./test-write | cat > /tmp/out
*/
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <stdio.h>

#define ALIGN(x,a) (((x)+(a)-1)&~((a)-1))

int main(void)
{
	ssize_t writeret;
	char *pages;
	long pagesize;

	pagesize = sysconf(_SC_PAGESIZE);
	fprintf(stderr, "Pagesize is %li\n", pagesize);

	/* One spare page so the buffer can be rounded up to a page boundary. */
	pages = malloc(pagesize * 101);
	if (pages == NULL) {
		perror("malloc");
		exit(1);
	}
	pages = (char *)ALIGN((unsigned long)pages, pagesize);
	memset(pages, 'A', pagesize*100);

	/* Make the 100th page inaccessible so the kernel's copy faults there. */
	if (mprotect(pages + pagesize*99, pagesize, PROT_NONE) != 0) {
		perror("mprotect");
		exit(1);
	}

	writeret = write(STDOUT_FILENO, pages, pagesize*100);
	fprintf(stderr, "Write returned %li (%s)\n",
		(long)writeret, writeret < 0 ? strerror(errno) : "no error");
	return 0;
}
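
Added example, not part of the original post or its attachment: the same experiment against a scratch regular file, but collecting the table's Return, Size and Valid values in one run instead of checking the output by hand with od. The names `measure` and `struct result`, the scratch path, and the reading of "Valid" as the run of requested bytes found after the existing prefix are assumptions of this example.

```c
#define _GNU_SOURCE		/* for MAP_ANONYMOUS, mkstemp() and pread() */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct result { long ret, size, valid, pagesize; };
/* prefix = bytes already in the file: 0 is "Empty file", 6 is "6 byte file".
   ret is write()'s return or -errno; valid is the run of 'A' after the prefix. */
int measure(size_t prefix, struct result *r)
{
	char path[] = "/tmp/partial-write-XXXXXX", chunk[4096];
	long ps = sysconf(_SC_PAGESIZE);
	size_t len = (size_t)ps * 100;	/* 100 pages, as in the post */
	ssize_t n, i;
	char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
			 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	int fd = mkstemp(path);		/* constructed scratch file */

	if (buf == MAP_FAILED || fd < 0 || prefix > 6)
		return -1;
	unlink(path);
	memset(buf, 'A', len);
	*r = (struct result){ .pagesize = ps };
	if (write(fd, "hello\n", prefix) != (ssize_t)prefix ||
	    mprotect(buf + len - ps, ps, PROT_NONE) != 0)	/* hide page 100 */
		return -1;
	n = write(fd, buf, len);	/* source ends in the unreadable page */
	r->ret = n < 0 ? -(long)errno : (long)n;
	r->size = (long)lseek(fd, 0, SEEK_END);
	while ((n = pread(fd, chunk, sizeof chunk, (off_t)prefix + r->valid)) > 0) {
		for (i = 0; i < n && chunk[i] == 'A'; i++)
			r->valid++;
		if (i < n)
			break;	/* first byte that is not the requested data */
	}
	close(fd);
	munmap(buf, len);
	return 0;
}

int main(void)
{
	struct result r;
	if (measure(6, &r) == 0)
		printf("ret=%ld size=%ld valid=%ld\n", r.ret, r.size, r.valid);
	return 0;
}
```

The numbers depend on the kernel and the filesystem backing /tmp; a Size larger than prefix + Valid means bytes other than the requested data reached the file.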
