link(2) and EFAULT

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Fri Jul 27 01:11:32 PDT 2007


[TOFU fixed]

Jonas Trollvik wrote:
> On 7/27/07, Michael Galassi <nerd at xyz.com> wrote:
>> A few hours ago I wrote:
>>> copyin() is called by the system call code and returns
>>> efault after validating the address, before actually
>>> touching it.
>> This is the traditional way of doing things but is clearly expensive
>> as validating a user address takes forever and a bit.  Do we blindly
>> use whatever address is passed in and then add checking to the page
>> fault code to figure out if we should just return efault?  This would
>> be a blatant example of optimizing the common case at small cost for
>> the error case which most people probably don't care about.
> The kernel needs to validate that the pointers it gets from userland
> are valid, otherwise this could lead to an exploit/panic among other
> things.
The kernel actually does what Michael suggests: it sets a custom fault handler and just copies away. See /sys/platform/pc32/i386/support.s

cheers
 simon
--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \