From: Linus Torvalds <torvalds@transmeta.com> To: Andrew Morton <akpm@zip.com.au> Subject: Re: AUDIT: copy_from_user is a deathtrap. Date: Tue, 21 May 2002 15:04:22 -0700 (PDT) Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>, Pavel Machek <pavel@suse.cz>, Rusty Russell <rusty@rustcorp.com.au>, <linux-kernel@vger.kernel.org> On Tue, 21 May 2002, Andrew Morton wrote: > > Pavel makes a reasonable point that copy_*_user may elect > to copy the data in something other than strictly ascending > user virtual addresses. In which case it's not possible to return > a sane "how much was copied" number. I don't agree that that is true. Do you have _any_ reasonable implementation taht would do that_ > And copy_*_user is buggy at present: it doesn't correctly handle > the case where the source and destination of the copy are overlapping > in the same physical page. Example code below. So we have memcpy() semantics for read()/write(), big deal. The same way you aren't supposed to use memcpy() for overlapping areas, you're not supposed to read/write into such areas, for all the same reasons. > One fix is to > do the copy with descending addresses if src<dest or whatever. No. That wouldn't work anyway, because the addresses are totally different kinds. > But then how to return the number of bytes?? The way we do now, which is the CORRECT way. Stop this idiocy. The current interface is quite well-defined, and has good semantics. Every single argument against it has been totally bogus, with no redeeming values. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/