From owner-freebsd-hackers  Sat Oct 31 17:49:23 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA17804
          for freebsd-hackers-outgoing; Sat, 31 Oct 1998 17:49:23 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from dingo.cdrom.com (castles215.castles.com [208.214.165.215])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA17792
          for <hackers@FreeBSD.ORG>; Sat, 31 Oct 1998 17:49:20 -0800 (PST)
          (envelope-from mike@dingo.cdrom.com)
Received: from dingo.cdrom.com (localhost [127.0.0.1])
	by dingo.cdrom.com (8.9.1/8.8.8) with ESMTP id PAA01372;
	Sat, 31 Oct 1998 15:50:16 -0800 (PST)
	(envelope-from mike@dingo.cdrom.com)
Message-Id: <199810312350.PAA01372@dingo.cdrom.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: Alfred Perlstein <bright@hotjobs.com>
cc: hackers@FreeBSD.ORG
Subject: Re: copyin/copyout routines. 
In-reply-to: Your message of "Sat, 31 Oct 1998 10:07:47 EST."
             <Pine.BSF.4.05.9810311004280.9417-100000@porkfriedrice.ny.genx.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 31 Oct 1998 15:50:15 -0800
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> 
> someone showed me a driver they were working on that was getting errors
> using copyin and copyout.. the error was when they used copyin to copy
> from user land into the kernel they would get a bad adress error.
> 
> the location they were copying to was on the kernel stack ie.
> 
> int x;
> 
> y = copyin(useraddr, &x, sizeof(x));
> 
> for some reason i think that copyin only works in/out of the kernel malloc
> error, basically he should be copying into malloc'd areas, not the stack.
> 
> is this true?

No.  Getting EFAULT from copyin/out means that the user address is bad.

In most cases, it's wrong to use copyin/out in a driver anyway; you 
should be using uiomove.

Typically you will get this problem if you are making a mistake about 
the semantics of the data arg to your ioctl handler, either indirecting 
one time too many or one time too few (copying from the address of the 
kernel copy of the value, or copying from the address value at the 
location in userspace that the copied value points to).

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message