List:       freebsd-hackers
Subject:    Re: copyin/copyout routines.
From:       Mike Smith <mike () smith ! net ! au>
Date:       1998-10-31 23:50:15

> 
> someone showed me a driver they were working on that was getting errors
> using copyin and copyout.. the error was when they used copyin to copy
> from user land into the kernel they would get a bad address error.
> 
> the location they were copying to was on the kernel stack ie.
> 
> int x;
> 
> y = copyin(useraddr, &x, sizeof(x));
> 
> for some reason i think that copyin only works in/out of the kernel malloc
> error, basically he should be copying into malloc'd areas, not the stack.
> 
> is this true?

No.  Getting EFAULT from copyin/out means that the user address is bad.

In most cases, it's wrong to use copyin/out in a driver anyway; you 
should be using uiomove.

Typically you will get this problem if you are making a mistake about 
the semantics of the data arg to your ioctl handler, either indirecting 
one time too many or one time too few (copying from the address of the 
kernel copy of the value, or copying from the address value at the 
location in userspace that the copied value points to).

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com
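
Added example, not part of the original message and not FreeBSD code: a userland C model of the two ioctl argument mistakes described in the reply above. sim_copyin, sim_ioctl, struct req and the address layout are constructed stand-ins; the model assumes the ioctl layer has already copied the argument structure into the kernel before the handler runs.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define USER_BASE 0x1000u
#define USER_SIZE 256u
static unsigned char user_mem[USER_SIZE];  /* constructed "user space", mapped at USER_BASE */
struct req { uintptr_t ubuf; };            /* hypothetical ioctl argument: user pointer to an int */
/* Stand-in for copyin(9): EFAULT unless [uaddr, uaddr+len) is mapped user memory. */
static int sim_copyin(uintptr_t uaddr, void *kaddr, size_t len) {
    if (uaddr < USER_BASE || len > USER_SIZE || uaddr - USER_BASE > USER_SIZE - len)
        return EFAULT;
    memcpy(kaddr, user_mem + (uaddr - USER_BASE), len);
    return 0;
}
/* Correct: data is the kernel copy of struct req; follow ubuf exactly once. */
static int handler_ok(void *data, int *out) {
    return sim_copyin(((struct req *)data)->ubuf, out, sizeof(*out));
}
/* One indirection too few: the kernel copy's own address is used as a user address. */
static int handler_too_few(void *data, int *out) {
    return sim_copyin((uintptr_t)data, out, sizeof(*out));
}
/* One too many: the int stored at ubuf is itself treated as a user address. */
static int handler_too_many(void *data, int *out) {
    unsigned v = 0;
    int error = sim_copyin(((struct req *)data)->ubuf, &v, sizeof(v));
    return error ? error : sim_copyin((uintptr_t)v, out, sizeof(*out));
}
/* Models the ioctl layer: copy the argument struct in, then call the handler. */
static int sim_ioctl(int (*handler)(void *, int *), uintptr_t uarg, int *out) {
    struct req kreq;  /* kernel copy of the argument, on the kernel stack */
    int error = sim_copyin(uarg, &kreq, sizeof(kreq));
    return error ? error : handler(&kreq, out);
}
static uintptr_t setup_user(int value) {  /* constructed sample layout */
    struct req r = { USER_BASE + 64 };    /* the int lives at USER_BASE + 64 */
    memcpy(user_mem + 64, &value, sizeof(value));
    memcpy(user_mem, &r, sizeof(r));
    return USER_BASE;                     /* user address of the argument struct */
}
int main(void) {
    int out = 0;
    uintptr_t u = setup_user(42);
    printf("correct:  %d\n", sim_ioctl(handler_ok, u, &out));
    printf("too few:  %d\n", sim_ioctl(handler_too_few, u, &out));
    printf("too many: %d (EFAULT is %d)\n", sim_ioctl(handler_too_many, u, &out), EFAULT);
    return 0;
}
```

The destination is a stack variable in every case; only the source address decides whether EFAULT comes back.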
