
Re: Interface for the new fallocate() system call

To: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Subject: Re: Interface for the new fallocate() system call
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 29 Mar 2007 11:37:03 -0700 (PDT)
Cc: "linux-os (Dick Johnson)" <linux-os@xxxxxxxxxxxx>, "Amit K. Arora" <aarora@xxxxxxxxxxxxxxxxxx>, akpm@xxxxxxxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, xfs@xxxxxxxxxxx, suparna@xxxxxxxxxx, cmm@xxxxxxxxxx
In-reply-to: <Pine.LNX.4.61.0703292002210.31834@xxxxxxxxxxxxxxx>
References: <20070117094658.GA17390@xxxxxxxxxxxxxxxxxxxx> <20070225022326.137b4875.akpm@xxxxxxxxxxxxxxxxxxxx> <20070301183445.GA7911@xxxxxxxxxxxxxxxxxxxx> <20070316143101.GA10152@xxxxxxxxxxxxxxxxxxxx> <20070316161704.GE8525@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20070317111036.GC29931@xxxxxxxxxxxxxxxx> <20070321120425.GA27273@xxxxxxxxxxxxxxxxxxxx> <20070329115126.GB7374@xxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0703291854000.31834@xxxxxxxxxxxxxxx> <Pine.LNX.4.61.0703291314330.4366@xxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0703292002210.31834@xxxxxxxxxxxxxxx>
Sender: xfs-bounce@xxxxxxxxxxx

On Thu, 29 Mar 2007, Jan Engelhardt wrote:
> I have to disagree, since wrapping it into a struct and copying the struct
> in kernelspace from userspace requires more code.

Not just more code, but more security issues too.

Passing system call arguments by value means that there are no subtle 
security issues - the value you use is the value you got. But once you 
pass-by-reference, you have to make damn sure that you do the proper user 
space accesses and verify the pointer correctly.

User-space (aka "user-supplied") pointers are just more dangerous. We 
obviously can't avoid them, but they need much more care than just a 
random value directly passed in a register.
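
[Added example, not part of the original message and not kernel code.] A user-space C simulation of the by-value versus by-reference point above: a handler that checks one read of caller-controlled memory and acts on a second read can use a value it never validated, while a by-value argument or a single copied snapshot cannot change after the check. The names `falloc_args`, `fetch_user`, `MAX_LEN` and the `alloc_*` functions are hypothetical, `fetch_user` only stands in for a copy_from_user()-style access, and pointer validation itself is not modelled.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN 4096L   /* constructed limit for this example */
struct falloc_args { int mode; long offset; long len; };  /* hypothetical struct form */

static struct falloc_args user_mem;  /* stands in for caller-controlled memory */
static long racing_len;              /* what another user thread writes mid-call */

/* Stand-in for a copy_from_user()-style read. The write afterwards simulates a
 * concurrent user thread changing the memory between two kernel reads. */
static void fetch_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    user_mem.len = racing_len;
}

/* By value: the value checked is the value used. Returns the length acted on, or -1. */
long alloc_by_value(int mode, long offset, long len)
{
    (void)mode;
    if (offset < 0 || len <= 0 || len > MAX_LEN) return -1;
    return len;
}

/* By reference, flawed on purpose: validates one read, then acts on a second read. */
long alloc_by_ref_double_fetch(const struct falloc_args *uptr)
{
    long len;
    fetch_user(&len, &uptr->len, sizeof len);
    if (len <= 0 || len > MAX_LEN) return -1;
    fetch_user(&len, &uptr->len, sizeof len);  /* re-read after the check */
    return len;
}

/* By reference, careful form: copy the whole struct once, then use only the copy. */
long alloc_by_ref_snapshot(const struct falloc_args *uptr)
{
    struct falloc_args k;
    fetch_user(&k, uptr, sizeof k);
    if (k.offset < 0 || k.len <= 0 || k.len > MAX_LEN) return -1;
    return k.len;
}

static void set_user(long len, long later) { user_mem = (struct falloc_args){0, 0, len}; racing_len = later; }

int main(void)
{
    set_user(100, 1000000L); printf("double fetch acts on %ld\n", alloc_by_ref_double_fetch(&user_mem));
    set_user(100, 1000000L); printf("snapshot acts on %ld\n", alloc_by_ref_snapshot(&user_mem));
    return 0;
}
```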

