On Thu, Sep 11, 2003 at 01:43:23PM +0900, Atsushi Nemoto wrote:

> I know this fix is not complete.  __access_ok(0, 0, __access_mask)
> will return 0.
>
> I could not find a good expression (i.e. no conditional branch) to
> handle this case.
>
> I suppose nobody takes care of this since addr 0 is an invalid pointer
> anyway.

That behaviour of __access_ok() is actually ok; __access_ok only needs to
return non-zero for addresses >= TASK_SIZE.  For two reasons the case
you're mentioning is not a problem.  As you say, 0 is (usually) a bad
pointer value, so if the kernel tries to dereference it, a TLB exception
is going to happen and the exception handling code will deal with the
case.  Second, the size argument is zero, and after all that means the
kernel won't touch the address range anyway because hey, it's zero-length!

  Ralf