Linus Torvalds wrote:
quoted text
> 
> On Tue, 17 Jun 2008, Andi Kleen wrote:
>> The x86-64 copy_*_user functions were always designed to return errors
>> both ways (as in both for load and for store).
> 
> That's not the problem, Andi.
> 
> The problem is that it returns THE WRONG VALUE!
> 
> If the fault happened on the second load, 

Loads are not supposed to fault in copy_to_user(). Only stores are.

The way it works is that it assumes that either loads fault (when used
as copy_from_user) or stores (copy_to_user), but never both.

quoted text
> but the first load was never 
> actually paired up with a store (because of unrolling the loop), then YOU 
> MUST NOT CLAIM THAT YOU DID A 8-BYTE COPY! Because you have copied exactly 
> _zero_ bytes, even though you _loaded_ 8 bytes successfully!
> 
> See?
> 
> Claiming that you copied 8 bytes when you didn't do anything at all is 
> WRONG. It's so incredibly wrong that it is scary. 

If your patch fixes something then the main wrong thing is the caller
who passes a faulting source address.

And again it always breaks the other case.

-Andi


--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/