> The more important part which I asked for already is, is is_copy_from_user() > exhaustive in determining the that the operation really is a copy from user? > > The EX_TYPE_UACCESS things *explicitly* marked such places in the code. Does > is_copy_from_user() guarantee the same, without false positives? is_copy_from_user() decodes the instruction that took the trap. It looks for MOV, MOVZ and MOVS instructions to find the source address, and then checks whether that's user (< TASK_SIZE_MAX) or kernel. So no false positives. There could be some false negatives if some other instruction is doing the "load" operation. -Tony
