[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <529520AB.2020407@zytor.com>
Date: Tue, 26 Nov 2013 14:28:59 -0800
From: "H. Peter Anvin" <hpa@...or.com>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: Ingo Molnar <mingo@...nel.org>, Al Viro <viro@...IV.linux.org.uk>,
Thomas Gleixner <tglx@...utronix.de>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Vitaly Mayatskikh <v.mayatskih@...il.com>,
"Murty, Ravi" <ravi.murty@...el.com>, neilb@...e.de
Subject: Re: copy_from_user_*() and buffer zeroing
On 11/26/2013 01:54 PM, Andrew Morton wrote:
>
> Nine years ago:
>
> commit 7079f897164cb14f616c785d3d01629fd6a97719
> Author: mingo <mingo>
> Date: Fri Aug 27 17:33:18 2004 +0000
>
> [PATCH] Add a few might_sleep() checks
>
> Add a whole bunch more might_sleep() checks. We also enable might_sleep()
> checking in copy_*_user(). This was non-trivial because of the "copy_*_user()
> in atomic regions" trick would generate false positives. Fix that up by
> adding a new __copy_*_user_inatomic(), which avoids the might_sleep() check.
>
> Only i386 is supported in this patch.
>
>
> I can't think of any reason why __copy_from_user_inatomic() should be
> non-zeroing. But maybe I'm missing something - this would pretty
> easily permit uninitialised data to appear in pagecache and someone
> surely would have noticed..
>
Yes, and the might_sleep() check is indeed bypassed.
However, the non-zeroing bit is currently motivated by the following
comment:
/**
* __copy_from_user: - Copy a block of data from user space, with less
checking.
* @to: Destination address, in kernel space.
* @from: Source address, in user space.
* @n: Number of bytes to copy.
*
* Context: User context only. This function may sleep.
*
* Copy data from user space to kernel space. Caller must check
* the specified block with access_ok() before calling this function.
*
* Returns number of bytes that could not be copied.
* On success, this will be zero.
*
* If some data could not be copied, this function will pad the copied
* data to the requested size using zero bytes.
*
* An alternate version - __copy_from_user_inatomic() - may be called from
* atomic context and will fail rather than sleep. In this case the
* uncopied bytes will *NOT* be padded with zeros. See fs/filemap.h
* for explanation of why this is needed.
*/
This comment is only present in the 32-bit code. fs/filemap.h of course
no longer exists, however, the original commit seems to be
01408c4939479ec46c15aa7ef6e2406be50eeeca which puts a comment in the
(now defunct mm/filemap.h).
I have to say I don't follow the explanation in that patch. It seems
like if you're concurrently reading a buffer being written you should
expect to get any kind of mismash...
Neil, is this still an issue?
-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists