Re: Interface for the new fallocate() system call

To:	Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Subject:	Re: Interface for the new fallocate() system call
From:	Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date:	Thu, 29 Mar 2007 11:37:03 -0700 (PDT)
Cc:	"linux-os (Dick Johnson)" <linux-os@xxxxxxxxxxxx>, "Amit K. Arora" <aarora@xxxxxxxxxxxxxxxxxx>, akpm@xxxxxxxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, xfs@xxxxxxxxxxx, suparna@xxxxxxxxxx, cmm@xxxxxxxxxx
In-reply-to:	<Pine.LNX.4.61.0703292002210.31834@yvahk01.tjqt.qr>
References:	<20070117094658.GA17390@amitarora.in.ibm.com> <20070225022326.137b4875.akpm@linux-foundation.org> <20070301183445.GA7911@amitarora.in.ibm.com> <20070316143101.GA10152@amitarora.in.ibm.com> <20070316161704.GE8525@osiris.boeblingen.de.ibm.com> <20070317111036.GC29931@parisc-linux.org> <20070321120425.GA27273@amitarora.in.ibm.com> <20070329115126.GB7374@amitarora.in.ibm.com> <Pine.LNX.4.61.0703291854000.31834@yvahk01.tjqt.qr> <Pine.LNX.4.61.0703291314330.4366@chaos.analogic.com> <Pine.LNX.4.61.0703292002210.31834@yvahk01.tjqt.qr>
Sender:	xfs-bounce@xxxxxxxxxxx

On Thu, 29 Mar 2007, Jan Engelhardt wrote:
>
> I have to disagree, since wrapping it into a struct and copying the struct
> in kernelspace from userspace requires more code.

Not just more code, but more security issues too.

Passing system call arguments by value means that there are no subtle 
security issues - the value you use is the value you got. But once you 
pass-by-reference, you have to make damn sure that you do the proper user 
space accesses and verify the pointer correctly.

User-space (aka "user-supplied") pointers are just more dangerous. We 
obviously can't avoid them, but they need much more care than just a 
random value directly passed in a register.

                Linus

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [RFC][PATCH] sys_fallocate() system call, (continued) Re: [RFC][PATCH] sys_fallocate() system call, Stephen Rothwell Re: [RFC][PATCH] sys_fallocate() system call, Stephen Rothwell Re: [RFC][PATCH] sys_fallocate() system call, Matthew Wilcox Re: [RFC][PATCH] sys_fallocate() system call, Amit K. Arora Re: [RFC][PATCH] sys_fallocate() system call, Chris Wedgwood Interface for the new fallocate() system call, Amit K. Arora Re: Interface for the new fallocate() system call, Chris Wedgwood Re: Interface for the new fallocate() system call, Jan Engelhardt Re: Interface for the new fallocate() system call, linux-os \(Dick Johnson\) Re: Interface for the new fallocate() system call, Jan Engelhardt Re: Interface for the new fallocate() system call, Linus Torvalds <= Re: Interface for the new fallocate() system call, Heiko Carstens Re: Interface for the new fallocate() system call, Andrew Morton Re: Interface for the new fallocate() system call, Heiko Carstens Re: Interface for the new fallocate() system call, Paul Mackerras Re: Interface for the new fallocate() system call, JÃrn Engel Re: Interface for the new fallocate() system call, Heiko Carstens Re: Interface for the new fallocate() system call, Jakub Jelinek Re: Interface for the new fallocate() system call, Heiko Carstens Re: Interface for the new fallocate() system call, Paul Mackerras Re: [RFC][PATCH] sys_fallocate() system call, Stephen Rothwell

Previous by Date:	Re: Interface for the new fallocate() system call, Jan Engelhardt
Next by Date:	Review: Make xfs_dm_sync_by_handle really sync data, David Chinner
Previous by Thread:	Re: Interface for the new fallocate() system call, Jan Engelhardt
Next by Thread:	Re: Interface for the new fallocate() system call, Heiko Carstens
Indexes:	[Date] [Thread] [Top] [All Lists]