Subject: copyin/copyout argument checking
To: None <tech-kern@NetBSD.ORG>
From: Mark Brinicombe <mark@causality.com>
List: tech-kern
Date: 07/29/1998 01:45:02
Hi,
I've just fixed a bug that got introduced into the arm32 copyin/copyout
functions recently and this raised a question as to the correct usage of
these functions. The manual page states
"The copy functions return 0 on success or EFAULT if a bad address is
encountered."
I read this to mean that if an invalid user address is specified (e.g. a
kernel space address is used instead) that EFAULT should be returned.
However looking at the usage of copyin() within the kernel it appears that
this is only the case if the length > 0 i.e. a copy length of zero means
that the address should not be validated and function should always return
0.
On arm32 (and I assume on others) 0x00000000 is not a valid user address,
thus a copyin from this address should fail. However calls such as
copyin(0x00000000, kva, 0)
are expected to succeed (caused by setgroups(0, NULL) in tftpd).
Is the description in the manual page just lacking and this is the
defined behaviour, or should the kernel not rely on this behaviour?
Cheers,
Mark
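The two readings of the manual page discussed above, as an added user-space model that is not part of the original post or of NetBSD's copyin(): a fake user address window (USER_BASE..USER_END, a constructed range rather than arm32's real layout) backed by a small array, a model_copyin() that takes a flag selecting whether a zero-length copy still validates its address, and a model of the setgroups() path that calls it with ngroups == 0 and gidset == NULL. Running it shows that the strict reading (validate even when len == 0) makes setgroups(0, NULL) fail with EFAULT, while the lenient reading succeeds but performs no address check at all for zero-length requests.

```c
/* Added example: model of copyin() zero-length semantics. Not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed user address window for the model (constructed, not arm32's map). */
#define USER_BASE 0x00001000u
#define USER_END  0x40000000u

/* Backing store for "user memory"; address USER_BASE maps to user_mem[0]. */
static unsigned char user_mem[256];

/* Is [uaddr, uaddr + len) entirely inside the user window? */
static int uaddr_ok(uintptr_t uaddr, size_t len)
{
    if (uaddr < USER_BASE || uaddr >= USER_END)
        return 0;
    if (len > USER_END - uaddr)
        return 0;
    return 1;
}

/*
 * model_copyin: copy len bytes from "user" address uaddr into kaddr.
 * validate_empty selects the semantics under discussion:
 *   1 -> the address is validated even when len == 0 (strict manual-page reading)
 *   0 -> len == 0 always returns 0 (what callers such as setgroups(0, NULL) rely on)
 * Returns 0 or EFAULT, like the real function.
 */
int model_copyin(uintptr_t uaddr, void *kaddr, size_t len, int validate_empty)
{
    if (len == 0 && !validate_empty)
        return 0;
    if (!uaddr_ok(uaddr, len))
        return EFAULT;
    size_t off = uaddr - USER_BASE;      /* offset into the backing store */
    if (off + len > sizeof user_mem)     /* unmapped part of the window */
        return EFAULT;
    memcpy(kaddr, user_mem + off, len);
    return 0;
}

/* Model of the setgroups() syscall path: copy ngroups gids from gidset. */
int model_setgroups(int ngroups, uintptr_t gidset, int validate_empty,
                    unsigned int *out)
{
    if (ngroups < 0 || ngroups > 16)
        return EINVAL;
    return model_copyin(gidset, out, (size_t)ngroups * sizeof *out,
                        validate_empty);
}

/* setgroups(0, NULL): zero length from address 0, under either semantic. */
int scenario_setgroups_null(int validate_empty)
{
    unsigned int gids[16];
    return model_setgroups(0, (uintptr_t)0, validate_empty, gids);
}

/* A non-empty copy from address 0 must fail under either semantic. */
int scenario_copy_from_zero(int validate_empty)
{
    unsigned int gids[2];
    return model_copyin((uintptr_t)0, gids, sizeof gids, validate_empty);
}

/* A valid copy: constructed user data {100, 200} placed at USER_BASE.
 * Returns 0 on success and correct contents, negative otherwise. */
int scenario_copy_valid(void)
{
    unsigned int src[2] = {100, 200};
    unsigned int gids[2] = {0, 0};
    memcpy(user_mem, src, sizeof src);
    if (model_copyin(USER_BASE, gids, sizeof gids, 1) != 0)
        return -1;
    return (gids[0] == 100 && gids[1] == 200) ? 0 : -2;
}

int main(void)
{
    printf("setgroups(0, NULL), lenient: %d\n", scenario_setgroups_null(0));
    printf("setgroups(0, NULL), strict:  %d (EFAULT=%d)\n",
           scenario_setgroups_null(1), EFAULT);
    printf("copyin(0, kva, 8):           %d\n", scenario_copy_from_zero(0));
    printf("valid copy:                  %d\n", scenario_copy_valid());
    return 0;
}
```

The flag makes the trade-off explicit: the lenient semantic is what existing callers assume, and the price is that a zero-length request is never checked against the user address range, so any caller that wants the address validated must check it itself or pass a non-zero length.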