That was also patched, but yours is better.


---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
--

[ message continues ]

Not very well.

+		rc = copy_from_user(&record_id, (void __user *)arg,
+				    sizeof(u64));

better to use sizeof(record_id).

Where's Len??


Anyway, this should be fixed in x86 core, I suspect.
--

[ message continues ]

Yes. I think so too.

Best Regards,
Huang Ying


--

[ message continues ]

Agreed.  Looking at it now.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

--

[ message continues ]

[Adding Linux and linux-arch.  The context is that get_user/put_user
don't work on 64 bit values on i386.]


After looking at it -- and suffering a bad case of déjà vu -- I'm
reluctant to change it, as get/put_user are specified to work only on
locally atomic data:

 * This macro copies a single simple variable from user space to kernel
 * space.  It supports simple types like char and int, but not larger
 * data types like structures or arrays.

Given that u64 is not a simple type on 32 bits, it would appear that the
behavior is intentional.

A user might very well find that supporting u64 and/or structure types
would be beneficial, but it would a) be a semantic change, and b) would
introduce the possibility of a partially completed transfer.  That is a
semantic change to the interface.  However, it may very well be nicer to
have a generally available get_user()/put_user() for the cases which
would just kick an EFAULT up the stack when they fail anyway.

If there is consensus for making get_user/put_user a general interface,
I'm more than willing to do the x86 changes, but I don't want to do them
a) unilaterally and b) for 2.6.36.  This seems like .37 material at this
point.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

--

[ message continues ]

It occurs so rarely that it's probably not worth bothering about, IMO.

However we should arrange for it to fail at compile time rather than
at link time, please.



--

[ message continues ]

That is easy to do, of course.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

--

[ message continues ]

I think the real question is if we want people to convert:

	if (copy_from_user(foo, bar, sizeof *foo))
		return -EFAULT;

... into ...

	if (get_user(*foo, bar))
		return -EFAULT;

... or ...

	rv = get_user(*foo, bar);
	if (rv)
		return rv;

... where *foo is a structure type.  It does have the advantage that a
single API does everything, simple or not, but has the disadvantage that
the partial-access semantics are now less explicit.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

--

[ message continues ]

Well, anyone who does get_user() on a struct while expecting it to be
atomic gets to own both pieces.  I think the problem here is
specifically u64/s64.  These work on 64-bit but don't work on 32-bit.

Is the atomicity really a problem?  If userspace updates the 64-bit
number while the kernel is copying it, the kernel gets a garbage
number.  But so what?  Userspace can feed the kernel garbage numbers in
lots of ways, and the kernel must be able to cope with it
appropriately.


<I suspect you can do get_user() on a 4-byte or 8-byte struct right now
and it'll work>
--

[ message continues ]

Not so:

/home/hpa/kernel/linux-2.6-tip.urgent/arch/x86/lib/testuser.c:12: error: 
conversion to non-scalar type requested

	-hpa
[ message continues ]