Subject: Re: kcopy()
To: Andrew Brown <atatat@atatdot.net>
From: Matt Thomas <matt@3am-software.com>
List: tech-kern
Date: 12/20/2003 09:21:15
At 09:05 AM 12/20/2003, Andrew Brown wrote:
> >>my reading of the kcopy() man page made me think that i could pass it
> >>a "src" pointer and a "dst" pointer, and it would return EFAULT if
> >>either of the pointers were invalid.
> >>
> >>instead, i'm getting kernel panics.
> >>
> >>is there a better interface for copying from place to place when you
> >>don't know the exact disposition of the pointers (so i can't really
> >>use memcpy())?
> >
> >Who is giving you pointers you can't trust?  That sounds like a broken
> >interface.
>
>the kernel, device drivers, lkms, and some users.  i don't trust
>everyone and i'd like not to have to trust anyone.

The first 3 can be wholly trusted.  The last can't be trusted at all.
And really, you should NEVER accept a kernel address from a user process.
That is a violation of the user-kernel schism.

>just because you trust that the pointer you give me is valid doesn't
>mean i trust you to give me a valid pointer, and if i keep the pointer
>for a few hours, will it still be valid?

If it's given to you from another part of the kernel, you have to
trust they won't go away and if they do go away, you will be informed
ahead of time.

If the address is from a user-process, you can't trust it at all.
As I've said before, that shouldn't be allowed.

>you can't say "yes", so i'm saying "no".

-- 
Matt Thomas                     email: matt@3am-software.com
3am Software Foundry              www: http://3am-software.com/bio/matt/
Cupertino, CA              disclaimer: I avow all knowledge of this message.
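The practical shape of the rule above (user addresses go through the copyin/copyout contract, which fails with EFAULT, and a kernel address handed in from a user process is refused outright rather than handed to kcopy), as an added illustration that is not part of this thread and not NetBSD code: the model_* names, the constructed buffer standing in for a user address space and the ioctl-style entry point are all assumptions of the example. The real kernel bounds user addresses with VM_MAXUSER_ADDRESS and catches unmapped pages through the MMU and the pcb_onfault handler; this model performs only the address-range check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for a process's user address space (assumption of
 * this example). Anything outside it is "kernel" for the purposes of the
 * range check below.
 */
unsigned char model_user_space[4096];

uintptr_t model_user_base(void)  { return (uintptr_t)model_user_space; }
uintptr_t model_user_limit(void) { return model_user_base() + sizeof model_user_space; }

/* 0 if [uaddr, uaddr+len) lies wholly inside the modeled user space, else EFAULT. */
int model_user_range_ok(uintptr_t uaddr, size_t len)
{
    if (len > UINTPTR_MAX - uaddr)            /* end address would wrap around */
        return EFAULT;
    if (uaddr < model_user_base() || uaddr + len > model_user_limit())
        return EFAULT;                        /* kernel address, or straddles the boundary */
    return 0;
}

/* copyin(9)-style contract: user -> kernel, EFAULT instead of a panic on a bad uaddr. */
int model_copyin(uintptr_t uaddr, void *kaddr, size_t len)
{
    int err = model_user_range_ok(uaddr, len);
    if (err != 0)
        return err;
    memcpy(kaddr, (const void *)uaddr, len);
    return 0;
}

/* copyout(9)-style contract: kernel -> user. */
int model_copyout(const void *kaddr, uintptr_t uaddr, size_t len)
{
    int err = model_user_range_ok(uaddr, len);
    if (err != 0)
        return err;
    memcpy((void *)uaddr, kaddr, len);
    return 0;
}

/*
 * Hypothetical ioctl-style entry point: userland hands us a pointer and a
 * length. The data is copied into a kernel-owned buffer first and the user
 * pointer is never dereferenced directly, so a kernel address smuggled in
 * from a user process is refused (EFAULT) rather than read.
 */
int model_handle_request(uintptr_t uptr, size_t len,
                         unsigned char *kbuf, size_t kbufsz, size_t *copied)
{
    if (len > kbufsz)
        return EINVAL;                        /* caller-controlled length must fit our buffer */
    int err = model_copyin(uptr, kbuf, len);
    if (err != 0)
        return err;
    *copied = len;
    return 0;
}

int main(void)
{
    unsigned char kbuf[64];
    size_t n = 0;
    memcpy(model_user_space, "payload", 8);   /* constructed user data */

    int ok   = model_handle_request(model_user_base(), 8, kbuf, sizeof kbuf, &n);
    int bad  = model_handle_request((uintptr_t)kbuf, 8, kbuf, sizeof kbuf, &n);       /* kernel address */
    int edge = model_handle_request(model_user_limit() - 4, 8, kbuf, sizeof kbuf, &n); /* straddles limit */

    printf("user pointer: rc=%d, %zu bytes\nkernel pointer: %s\nstraddling pointer: %s\n",
           ok, n, bad == EFAULT ? "EFAULT" : "?", edge == EFAULT ? "EFAULT" : "?");
    return 0;
}
```

The entry point treats both the pointer and the length as untrusted: the length is bounded by the kernel buffer before any copy, and the pointer is only ever consumed through the copyin path, which is the piece kcopy() does not give you for user addresses.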