| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Oct 2011 13:06:06 -0400
From: Xin Tong <xerox.time.tech@...il.com>
To: linux-kernel <linux-kernel@...r.kernel.org>
Subject: copy_*_user
I am investigating copy_from_user and copy_to_user in linux under
i386. These two function both take a pointer with virtual address and
a pointer with physical address.
copy_from_user calls __copy_from_user_ll and copy_to_user calls
__copy_to_user_ll. It make sense to me that __copy_to_user_ll converts
the virtual address to physical address using the current process's
page table.
unsigned long __copy_to_user_ll(void __user *to, const void *from,
unsigned long n)
{
...
retval = get_user_pages(current, current->mm,
(unsigned long)to, 1, 1, 0, &pg, NULL);
if (retval == -ENOMEM && is_global_init(current)) {
up_read(¤t->mm->mmap_sem);
congestion_wait(BLK_RW_ASYNC, HZ/50);
goto survive;
}
if (retval != 1) {
up_read(¤t->mm->mmap_sem);
break;
}
maddr = kmap_atomic(pg, KM_USER0);
memcpy(maddr + offset, from, len);
...
}
But it seems to be that __copy_from_user_ll is not converted the
address at all before attempting to copy. Can someone help explain to
me why ?
Thanks
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists