Joachim Worringen wrote:
> Rao Shoaib schrieb:
>> Bill Sommerfeld wrote:
>>> On Thu, 2008-05-22 at 18:15 +0200, Joachim Worringen wrote:
>>>
>>>> 1. Check if a given user space address can be accessed for read or
>>>> write. I could imagine doing a dummy ddi_copyin() and check the return
>>>> code, but this seems not very elegant. It becomes worse for write
>>>> access. Linux has an "access_ok()" macro.
>>>>
>>> can you explain further what you're trying to do with this? another
>>> thread could get in sideways and unmap a page after your access_ok() ..
>>>
>>> why can't you just move data with ddi_copy*() when you have data to move?
>>>
>> Thanks for pointing this out Bill. Please do not use copyin/copyout as
>> suggested in my previous email. Those interfaces are obsolete. Use
>> ddi_copyin(9F)/ddi_copyout(9F).
>
> Yes, I'm using ddi_copy*. Concerning Bill's question: this is a valid
> concern, and I have asked this question myself. It's a porting thing -
> things are like this in the Linux version, and it would be easiest to
> mimic this 1:1. But I will see if this can be avoided.
In my opinion the check-first-then-try style is wrong. It is likely
introducing a time-of-check-to-time-of-use (TOCTTOU) bug. In some cases
this could cause a security vulnerability. Also, if the operation will
succeed, you have wasted cycles asking first. If it is going to fail,
the check in ddi_copy{in,out} will be just as fast as an explicit call
to check it first.
Not knowing what you are really doing, I'm guessing, but I wonder whether
devmap_default_access(9F) and devmap_access(9E) might help you.
--
Darren J Moffat
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
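Added editor's example, not from the thread and not Solaris DDI code: a small user-space C model of the two patterns Darren contrasts. The "address space" is a constructed array of pages with a mapped flag; range_mapped() plays the role of a hypothetical access_ok(), model_unmap() stands in for another thread unmapping a page, model_copyin() plays the role of ddi_copyin(9F) by validating and copying as one step, and check_then_copy() is the check-first-then-try pattern with a simulated unmap in the window between the check and the copy. All names, the page size and the page_lookups counter are assumptions of this model, chosen to show both points in the message: the stale check (TOCTTOU) and the extra page lookups the separate check costs.

```c
/* Added example: user-space model of check-then-copy vs. copyin that
 * validates and copies in one step. Not Solaris DDI code; every name here
 * is an assumption of the model. Single-threaded on purpose: the
 * "other thread" is simulated by calling model_unmap() at a chosen point. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64
#define NPAGES    4

/* Constructed model of a user address space. */
struct user_as {
    bool mapped[NPAGES];
    unsigned char mem[NPAGES * PAGE_SIZE];
    unsigned long page_lookups;   /* how many page-table lookups were done */
};

static void as_init(struct user_as *as) {
    for (size_t p = 0; p < NPAGES; p++) as->mapped[p] = true;
    for (size_t i = 0; i < sizeof(as->mem); i++) as->mem[i] = (unsigned char)i;
    as->page_lookups = 0;
}

/* Hypothetical access_ok(): is every page of [off, off+len) mapped now?
 * Bounds check is written overflow-safe (no off + len arithmetic). */
static bool range_mapped(struct user_as *as, size_t off, size_t len) {
    if (off > sizeof(as->mem) || len > sizeof(as->mem) - off) return false;
    if (len == 0) return true;
    for (size_t p = off / PAGE_SIZE; p <= (off + len - 1) / PAGE_SIZE; p++) {
        as->page_lookups++;
        if (!as->mapped[p]) return false;
    }
    return true;
}

/* Simulated munmap from another thread: this is what makes a prior check stale. */
static void model_unmap(struct user_as *as, size_t page) {
    if (page < NPAGES) as->mapped[page] = false;
}

/* Model of ddi_copyin(9F): validate and copy in one step, so an unmapped
 * page is reported as a clean EFAULT to the caller. */
static int model_copyin(struct user_as *as, size_t off, void *dst, size_t len) {
    if (!range_mapped(as, off, len)) return EFAULT;
    memcpy(dst, as->mem + off, len);
    return 0;
}

/* The pattern the thread argues against. race_page >= 0 simulates another
 * thread unmapping that page between the check and the copy.
 * Returns 0 on success, EFAULT if the check rejected the range, and -1 if the
 * copy touched a page the (now stale) check had approved. In a real kernel
 * that last case is a fault taken on the strength of a wrong answer, not a
 * clean error return. */
static int check_then_copy(struct user_as *as, size_t off, void *dst, size_t len,
                           int race_page) {
    if (!range_mapped(as, off, len)) return EFAULT;      /* time of check */
    if (race_page >= 0) model_unmap(as, (size_t)race_page); /* the TOCTTOU window */
    if (!range_mapped(as, off, len)) return -1;          /* time of use: page gone */
    memcpy(dst, as->mem + off, len);                     /* the copy touches pages again */
    return 0;
}

/* Runs the scenario; returns 0 if every observation holds, else the failing step. */
static int demo_steps(void) {
    struct user_as as;
    unsigned char buf[PAGE_SIZE];
    as_init(&as);
    /* 1: copyin of page 1 succeeds with exactly one page lookup */
    if (model_copyin(&as, PAGE_SIZE, buf, PAGE_SIZE) != 0 || as.page_lookups != 1) return 1;
    if (buf[0] != (unsigned char)PAGE_SIZE) return 2;
    /* 3: check-then-copy of the same range pays for the lookup twice */
    if (check_then_copy(&as, PAGE_SIZE, buf, PAGE_SIZE, -1) != 0 || as.page_lookups != 3) return 3;
    /* 4: a concurrent unmap of page 2 inside the window makes the check stale */
    if (check_then_copy(&as, 2 * PAGE_SIZE, buf, PAGE_SIZE, 2) != -1) return 4;
    /* 5: copyin on the now-unmapped page fails cleanly with EFAULT */
    if (model_copyin(&as, 2 * PAGE_SIZE, buf, PAGE_SIZE) != EFAULT) return 5;
    /* 6: a range running off the end of the address space is also EFAULT */
    if (model_copyin(&as, 3 * PAGE_SIZE, buf, PAGE_SIZE + 1) != EFAULT) return 6;
    return 0;
}

int main(void) {
    int rc = demo_steps();
    printf("%s (step %d)\n", rc == 0 ? "all observations hold" : "mismatch", rc);
    return rc;
}
```

The model only approximates one aspect of the real thing: in a kernel the copy routine's fault handler is what turns an unmapped page into EFAULT, and a check done earlier buys nothing because the page tables can change underneath it before the copy runs. What the model does show is that the separate check costs a second walk of the same pages for no gain, which is Darren's "wasted cycles" point, and that the only reliable answer comes from the copy itself.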