Subject: uvm_useracc() considered harmful
To: None <tech-kern@netbsd.org>
From: Chuck Silvers <chuq@chuq.com>
List: tech-kern
Date: 11/08/2003 16:46:04
hi folks,

uvm_useracc() is used in the kernel to check permissions on mappings in
a user process, and many drivers (mostly framebuffers) use this as a
pre-check for copyin/copyout.  the assumption is that if uvm_useracc()
says that the mapping gives permission for the desired access, then that
access will succeed.  this assumption is incorrect, however, since the
mapping might reference data which is not in memory, and the attempt to
bring the data into memory (from swap, or from a mapped file) might fail
for reasons such as media errors.

thus, I propose to eliminate uvm_useracc() in favor of simply checking
the return value from copyin/copyout.  of the ~170 calls to this function,
most of them are used as I describe above, and the rest are misguided
optimizations, which optimize for the case where an operation will fail.

the diff to achieve this is at
	ftp://ftp.netbsd.org/pub/NetBSD/misc/chs/useracc/diff.20031108

I can't test many of these drivers since I don't have the hardware,
so could people either try it out or eyeball the diff?

thanks,
-Chuck
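As an added illustration of the failure mode described above (not code from NetBSD or from the author of this mail), the following userland C model shows why a permission pre-check cannot stand in for checking copyout()'s return value. All names prefixed sim_ and the struct sim_page layout are hypothetical constructs for the demonstration, not kernel interfaces: sim_useracc() looks only at mapping protection, the way uvm_useracc() does, while sim_copyout() must also bring the page in and fails with EFAULT when the constructed backing store is marked bad. The "precheck" handler is the pattern the mail argues against (pre-check, then ignore the copy's result); the "checked" handler is the proposed replacement.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 16      /* constructed: tiny pages keep the model small */
#define NPAGES    4

#define B_READ  0x1
#define B_WRITE 0x2

/* Hypothetical per-page state of a simulated user address space. */
struct sim_page {
    bool    prot_read;   /* mapping permits read  (all useracc() can see) */
    bool    prot_write;  /* mapping permits write (all useracc() can see) */
    bool    resident;    /* data currently in memory */
    bool    backing_ok;  /* a page-in from swap/file would succeed */
    uint8_t data[PAGE_SIZE];
};

static struct sim_page uspace[NPAGES];

/* Constructed sample payload a driver might hand back to user space. */
static const uint8_t sample_info[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

/* Model of uvm_useracc(): consults only the mapping's protection bits. */
static bool sim_useracc(size_t uaddr, size_t len, int rw)
{
    if (len == 0)
        return true;
    size_t first = uaddr / PAGE_SIZE, last = (uaddr + len - 1) / PAGE_SIZE;
    if (last >= NPAGES)
        return false;
    for (size_t p = first; p <= last; p++) {
        if ((rw & B_READ) && !uspace[p].prot_read)
            return false;
        if ((rw & B_WRITE) && !uspace[p].prot_write)
            return false;
    }
    return true;
}

/* Model of copyout(): protection is necessary but not sufficient; each
 * non-resident page must also be faulted in, and that can fail (e.g. a
 * media error on the backing store), in which case EFAULT is returned. */
static int sim_copyout(const void *kaddr, size_t uaddr, size_t len)
{
    if (!sim_useracc(uaddr, len, B_WRITE))
        return EFAULT;
    const uint8_t *src = kaddr;
    for (size_t i = 0; i < len; i++) {
        struct sim_page *pg = &uspace[(uaddr + i) / PAGE_SIZE];
        if (!pg->resident) {
            if (!pg->backing_ok)
                return EFAULT;          /* page-in failed */
            pg->resident = true;        /* page-in succeeded */
        }
        pg->data[(uaddr + i) % PAGE_SIZE] = src[i];
    }
    return 0;
}

/* Pattern the mail argues against: pre-check, then drop the copy's result.
 * Reports success to the caller even when the copy never happened. */
static int fb_getinfo_precheck(size_t uaddr, const uint8_t *info, size_t len)
{
    if (!sim_useracc(uaddr, len, B_WRITE))
        return EFAULT;
    (void)sim_copyout(info, uaddr, len);
    return 0;
}

/* Proposed pattern: no pre-check, just propagate copyout()'s return value. */
static int fb_getinfo_checked(size_t uaddr, const uint8_t *info, size_t len)
{
    return sim_copyout(info, uaddr, len);
}

/* Constructed scenario: page 0 writable and resident; page 1 writable but
 * paged out with a bad backing store; page 2 writable and paged out with a
 * good backing store; page 3 mapped read-only. */
static void sim_setup(void)
{
    memset(uspace, 0, sizeof uspace);
    for (int p = 0; p < NPAGES; p++)
        uspace[p].prot_read = uspace[p].prot_write = true;
    uspace[0].resident = true;  uspace[0].backing_ok = true;
    uspace[1].resident = false; uspace[1].backing_ok = false;
    uspace[2].resident = false; uspace[2].backing_ok = true;
    uspace[3].resident = true;  uspace[3].backing_ok = true;
    uspace[3].prot_write = false;
}

int main(void)
{
    sim_setup();
    size_t bad = 1 * PAGE_SIZE;   /* writable mapping, page-in will fail */
    printf("precheck handler on bad page: %d (claims success)\n",
           fb_getinfo_precheck(bad, sample_info, sizeof sample_info));
    printf("checked  handler on bad page: %d (EFAULT=%d)\n",
           fb_getinfo_checked(bad, sample_info, sizeof sample_info), EFAULT);
    return 0;
}
```

The point of the model is the second page: useracc() reports the mapping as writable, so the pre-check passes, yet the copy itself fails, and only the handler that checks copyout()'s return value reports that failure to the caller.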