I have been looking, the syscalls and drivers in the kernel and always what
I see is something like this:
int func(char *user_buffer) {
/* A lot of function stuff */
...
/* then at the end when you write user_buffer I see */
if (copy_to_user(user_buffer, from, n))
return -EFAULT
return 0;
}
copy_to_user use access_ok () to check that user_buffer is in the current
proccess address space... The problem is that you always make what you need
to do and then you check that buffer is ok or not! why you don't first check
buffer and then make all what you need to do and at the end you write to the
buffer without checking? let say something like this..
int func(char *user_buffer) {
if (access_ok(buffer, n)) {
/* A lot of function stuff */
...
__copy_user(to, from, n);
return 0;
}
return -EFAULT;
}
This idea wont work if you don't have n (the size) to be writed to the
user_buffer, but I think will increase performance.. because sometime what I
call /* A lot of function stuff */ is disable interrupts (asm ("cli");) and
isn't so funny (I think) to disable interrupts when you know that it will
return an Error Code at the end...
an example of what I'm talking about take a look at kernel/info.c
in this implementation of sys_sysinfo() you first do all the things you need
to do (disable interrupts.. etc) but at the end if 'info' is out of the
process address space it return a segmentation fault why don't first check
info with access_ok() and then continue with the syscall or driver or what
else...
Thanks.
Eliel Sardanons
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
