what is the right behavior of copy_to

To:	linux-mips <linux-mips@oss.sgi.com>
Subject:	what is the right behavior of copy_to_user(0x0, ..., ...)?
From:	Jun Sun <jsun@mvista.com>
Date:	Fri, 03 May 2002 14:46:19 -0700
Sender:	owner-linux-mips@oss.sgi.com
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2.1) Gecko/20010901

When running LTP, I notice that recent kernel has a kernel access fault:

<1>Unable to handle kernel paging request at virtual address 00000000, epc
== 80273860, ra == 80205aa4
Oops in fault.c:do_page_fault, line 204:
$0 : 00000000 10001f00 00000002 00000002 00000000 86df5e98 00000001 00000040
$8 : 00000000 00000000 00000001 ffffffff 00000002 802b4864 00000001 00000001
$16: 100003d8 00000000 00000002 86df5e98 00401080 10002df8 00000000 00000097
$24: 0000000a 802e7ab6                   86df4000 86df5e60 7fff7c60 80205aa4
Hi : 00000000
Lo : 00000000
epc  : 80273860    Not tainted
Status: 10001f03
Cause : 9080800c
 ....

Tracing error reveals that user process passed a NULL buffer pointer tosys_getpeername() syscall, probably intentionally. Then it goes all the waydown to copy_to_user(0x0, ..., ...) and caused a oops as above.

As a result of oops the user process is killed. However I am not sure if thisis the right way to respond to an ill argument. copy_to_user() probablyshould catch this case and return some meaningful error back to the caller.


I am not sure what is the best way to achieve this.  Any thoughts?

Jun

<Prev in Thread]	Current Thread	[Next in Thread>
what is the right behavior of copy_to_user(0x0, ..., ...)?, Jun Sun <= Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Jun Sun Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Jun Sun Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Carsten Langgaard Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Accounting for all memory., Scott A McConnell
Next by Date:	Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle
Previous by Thread:	Accounting for all memory., Scott A McConnell
Next by Thread:	Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Accounting for all memory., Scott A McConnell

Next by Date:

Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle

Previous by Thread:

Accounting for all memory., Scott A McConnell

Next by Thread:

Re: what is the right behavior of copy_to_user(0x0, ..., ...)?, Ralf Baechle

Indexes:

[Date] [Thread] [Top] [All Lists]