On Fri, Dec 07, 2001 at 10:45:12AM -0600, Robert Williamson wrote:

> So, verify_area and copy_from_user in some cases will both end up using
> access_ok, why does one work better than the other?

access_ok() only checks that the pointer isn't in kernel space (= security check). The real check of whether the buffer is mapped or not is done during the actual access, by handling an exception as needed. So verify_area() just catches a small part of the EFAULT cases. Checking the *_user return is the correct way.

> Also, a similar situation occurs with the sigaction call. I've noticed
> signal.c is using verify_area, should that be changed to use copy_from_user
> / copy_to_user?

verify_area() should be removed and the *_user return checked again.

There are some exceptions: some functions want to avoid the access_ok() check for every user access when they already know that the pointer is ok. In this case they sometimes use verify_area() or access_ok() and then __*_user (with double underscore). In this case the verify_area() is still needed.

You'll find a lot of other functions BTW that do not properly check the *_user return; in some cases it was too difficult to add all the checks to the whole call chain, so it was not done.

I would take a relaxed attitude in LTP at missing EFAULT; perhaps make it a warning only.

-Andi

P.S.: I have a preliminary patch to make 2.4 TCP do full EFAULT again, but it needs some more testing before I can release it.
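An added userspace model of the distinction discussed in the mail (constructed for illustration, not kernel code): access_ok() only checks the range against TASK_SIZE, while the copy itself is what discovers an unmapped page, so an unmapped user address passes verify_area() but is reported by the copy_from_user() return value. The fake address space, the single mapped page and the sys_read_u32() helper are assumptions.

```c
#include <stddef.h>

#define EFAULT 14
#define TASK_SIZE 0xC0000000UL       /* 3 GB user/kernel split, as on i386 */

/* Constructed fake user address space: a single mapped page. */
struct vma { unsigned long start, end; const unsigned char *backing; };
static const unsigned char page_a[4096] = { 1, 2, 3, 4 };
static const struct vma vmas[] = { { 0x08048000UL, 0x08049000UL, page_a } };

/* access_ok(): the only check verify_area() performs. The range must lie
 * below TASK_SIZE and must not wrap; whether it is mapped is not inspected. */
static int access_ok(unsigned long addr, unsigned long size)
{
    return addr + size >= addr && addr + size <= TASK_SIZE;
}

static int verify_area(unsigned long addr, unsigned long size)
{
    return access_ok(addr, size) ? 0 : -EFAULT;
}

/* copy_from_user(): access_ok() plus the real access. A fault on an unmapped
 * byte is what stops the copy; the count of bytes NOT copied is returned. */
static unsigned long copy_from_user(void *to, unsigned long from, unsigned long n)
{
    unsigned long done = 0;
    if (!access_ok(from, n))
        return n;
    for (; done < n; done++) {
        unsigned long a = from + done;
        const struct vma *v = NULL;
        for (size_t i = 0; i < sizeof vmas / sizeof vmas[0]; i++)
            if (a >= vmas[i].start && a < vmas[i].end)
                v = &vmas[i];
        if (!v)
            break;              /* the "page fault" the exception handler catches */
        ((unsigned char *)to)[done] = v->backing[a - v->start];
    }
    return n - done;
}

/* Correct pattern (hypothetical syscall): decide EFAULT from the *_user
 * return value. Reads a 32-bit little-endian value at uptr; returns it or -EFAULT. */
static long sys_read_u32(unsigned long uptr)
{
    unsigned char b[4];
    if (copy_from_user(b, uptr, sizeof b))
        return -EFAULT;
    return (long)b[0] | (long)b[1] << 8 | (long)b[2] << 16 | (long)b[3] << 24;
}
```

The unmapped-but-user-space address 0x20000000 is the case the mail describes: verify_area() returns 0 for it, only the copy reports the fault.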