Path: sserve!newshost.anu.edu.au!munnari.oz.au!constellation!convex!convex!cs.utexas.edu!uunet!mcsun!news.funet.fi!hydra!klaava!klaava!not-for-mail
From: torvalds@klaava.Helsinki.FI (Linus Torvalds)
Newsgroups: comp.os.386bsd.bugs
Subject: Re: Nethack
Date: 5 Jul 1993 14:17:05 +0300
Organization: University of Helsinki
Lines: 35
Message-ID: <2192jh$njf@klaava.Helsinki.FI>
References: <21678c$13q@klaava.Helsinki.FI> <216rcfINNj4@fstgds01.tu-graz.ac.at>
NNTP-Posting-Host: klaava.helsinki.fi

In article <216rcfINNj4@fstgds01.tu-graz.ac.at> chmr@edvz.tu-graz.ac.at (Christoph Robitschko) writes:
>
>The current copyout is braindead; but that is simple to fix.
>The problem with the WP-bit is that the user area is currently mapped read-only,
>because the signal code requires this (I think -- correct me if I'm wrong),
>and the kernel stack is also in the user area...

Ah. Ok. Linux doesn't put the user area and kernel stack in the process space at all, so this is not a problem for me (the only reason I saw for putting the user area read-only in user space was for faster "trivial" system calls like getpid(), and I don't think it's worth cluttering up the user space with kernel data structures just for that).

>Hmmm. copyout is used by far more than read alone (ioctl, some device drivers
>etc), did you include the check in all these places ?

Yep. Again, linux uses a slightly different way of handling copyin/out by simply doing it with inline assembly from the %fs segment, which points to user space when doing system calls. This also allows you to use kernel pointers by simply changing %fs to be the kernel DS, which is practical in some circumstances (the vfs layer, for example, obviously needs "far pointers" like this in order to handle vfs reads both to kernel and user space).

With this kind of scheme, the WP and EFAULT checks don't really fit into the copyin/out routines - I found doing a separate verify_area() helpful when doing loops that copy data from/to user space - it also results in assembly code that is easier to follow and I tend to check the assembly output of the compiler every now and then when it comes to important routines. It does mean that you have to remember the verify_area call, so I'm not sure it's actually a great idea, but I'm not unhappy with it (in 99% of the cases you can do the verify_area() in the system call interface layer, and not worry about it in the "proper" kernel routines).

Linus
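
The check-once-then-copy pattern described in the post, as an added example that is not part of the original post and is not Linux kernel code: a user-space C model in which one verify_area() call in the system call layer guards an unchecked copy loop. The region table, fill_user() and sys_fill() are hypothetical names, and the two "pages" are constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define VERIFY_READ  0
#define VERIFY_WRITE 1

/* Constructed model of a process address space (assumption, not kernel data). */
struct region { unsigned char *start; size_t len; int writable; };
static unsigned char ro_page[64], rw_page[64];
static const struct region user_map[] = {
    { ro_page, sizeof ro_page, 0 },   /* mapped read-only */
    { rw_page, sizeof rw_page, 1 },   /* mapped read-write */
};

/* One check for the whole range: it must lie inside a single mapped region,
 * and that region must be writable if the kernel is about to write to it. */
static int verify_area(int type, const void *addr, size_t size) {
    uintptr_t a = (uintptr_t)addr;
    for (size_t i = 0; i < sizeof user_map / sizeof user_map[0]; i++) {
        uintptr_t s = (uintptr_t)user_map[i].start;
        size_t len = user_map[i].len;
        /* Overflow-safe containment test: a + size is never computed. */
        if (a < s || a - s > len || size > len - (a - s))
            continue;
        return (type == VERIFY_WRITE && !user_map[i].writable) ? -EFAULT : 0;
    }
    return -EFAULT;                   /* not user memory at all */
}

/* "Proper" kernel routine: tight loop, no checks, trusts its caller. */
static void fill_user(unsigned char *ubuf, size_t n, unsigned char v) {
    for (size_t i = 0; i < n; i++)
        ubuf[i] = v;
}

/* System call interface layer: the one place that must remember the check. */
static long sys_fill(void *ubuf, size_t n, unsigned char v) {
    int err = verify_area(VERIFY_WRITE, ubuf, n);
    if (err)
        return err;
    fill_user(ubuf, n, v);
    return (long)n;
}

int main(void) {
    unsigned char kbuf[8];            /* not in user_map: stands in for a kernel address */
    return (sys_fill(rw_page, 16, 0xAA) == 16 &&
            sys_fill(ro_page, 16, 0xAA) == -EFAULT &&
            sys_fill(kbuf, 8, 0xAA) == -EFAULT) ? 0 : 1;
}
```

If sys_fill() omitted the verify_area() call, fill_user() would write to the read-only page or the kernel buffer without complaint, which is the "you have to remember" cost the post mentions.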