On Tue, Sep 22, 2015 at 04:25:17PM +0300, Ville Syrjälä wrote:
> On Tue, Sep 22, 2015 at 02:59:24PM +0200, Daniel Vetter wrote:
> > On Tue, Sep 22, 2015 at 03:35:13PM +0300, Ville Syrjälä wrote:
> > > On Tue, Sep 22, 2015 at 02:17:51PM +0200, Daniel Vetter wrote:
> > > > Iirc short reads are ok in all cases, so we could even punt the restarting to userspace by just doing short reads/writes (like sockets do).
> > > Yeah, short writes due to -EFAULT sound more dangerous than short reads. But I'm not sure there's any point in allowing short reads either in this case, so just returning the error upfront if access_ok() complains seems like a sane option to me.
> > access_ok _only_ does static checks (on x86 it only checks that it's a userspace address). Which means any kind of real faults will only happen later on in the actual copy_to/from_user. I'd say we can go meh if that happens - it's guaranteed to be userspace doing something silly since we don't need to hold any of the mm locks ;-)
> Hmm, true. So I guess on -EFAULT we should:
>
> if (copy_{to,from}_user())
> 	return num_bytes_processed ? num_bytes_processed : -EFAULT;
>
> Sound reasonable?

Yeah that's what I'd go with.
-Daniel
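A userspace model of the return rule agreed on in this thread, added here as an illustration and not code from the thread or the kernel. `struct user_buf`, `mock_copy_to_user()`, `model_read()` and the 16-byte `CHUNK` are assumptions; the mock stands in for `copy_to_user()` and, like it, returns the number of bytes it could not copy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define CHUNK 16 /* assumed per-transfer chunk size */

/* Constructed model of a user buffer: offsets >= valid are "unmapped". */
struct user_buf { unsigned char *base; size_t valid; };

/* Stand-in for copy_to_user(): returns the number of bytes NOT copied. */
static size_t mock_copy_to_user(struct user_buf *u, size_t off,
                                const void *src, size_t n)
{
    size_t room = off < u->valid ? u->valid - off : 0;
    size_t ok = room < n ? room : n;

    memcpy(u->base + off, src, ok);
    return n - ok;
}

/* Chunked read: a fault after progress yields a short read,
 * a fault before any progress yields -EFAULT. */
ssize_t model_read(struct user_buf *u, const unsigned char *dev, size_t count)
{
    size_t done = 0; /* plays the role of num_bytes_processed */

    while (done < count) {
        size_t todo = count - done < CHUNK ? count - done : CHUNK;

        /* A chunk that faults part-way is not counted as processed. */
        if (mock_copy_to_user(u, done, dev + done, todo))
            return done ? (ssize_t)done : -EFAULT;
        done += todo;
    }
    return (ssize_t)done;
}

int main(void)
{
    unsigned char dev[64], ubuf[64];
    struct user_buf u = { ubuf, 40 }; /* fault inside the third chunk */

    memset(dev, 0xAB, sizeof(dev));
    printf("read returned %zd\n", model_read(&u, dev, sizeof(dev)));
    return 0;
}
```
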