'kernel space'에 해당되는 글 1건

  1. 2012.07.01 __user
리눅스/커널2012. 7. 1. 11:25

__user 로 타입이 정의된 변수는 kernel space 밖에 있다는 걸 의미한다.


예를 들어,


char __user *buff


라고 하면, 이는 user space안에 char *buff라고 선언한 것이다.


이를 이용해 kernel과 user 공간 사이의 communication(예: read/write )을 할 때 편리하게 쓸 수 있다. 


이와 함께 쓰이는 함수가 대표적으로 copy_from_user 와 copy_to_user가 있겠다.



stackoverflow에 보니 아래와 같은 질문이 있었다.

http://stackoverflow.com/questions/4521551/what-are-the-implications-of-the-linux-user-macro


I was hoping someone could explain the nuances of the __user macro used in the linux kernel source.

First of all, the macro:
# define __user __attribute__((noderef, address_space(1)))

Now, after some googling I read that this macro allows one to designate a pointer as belonging to the user address space, and that it should not be dereferenced.

I may be missing some obvious facts, but could someone please explain the implications of such a macro? For instance, what is a good example of where this macro would be of use? Again, forgive me if I am missing something obvious.

To put this in some context, I came accross the macro while examining some USB code (linux/usbdevice_fs.h). I am only looking for a general understanding of this macros( or others like it) use within the kernel.

Thanks for looking!
c macros linux-kernel kernel link|edit|flag asked Dec 23 '10 at 18:46

Mr. Shickadance
1,155624

82% accept rate

2

See do_execve() source for good example. See how argv is used in count(). If you'd simply dereference (*argv[0]) or something, sparse(1) will warn about it. address_space says not all pointers are equal, requiring different (dereference) rules and should not be mixed. – adobriyan Dec 24 '10 at 17:12


2 Answers
active
oldest
votes
up vote
4
down vote
accepted
It allows tools like sparse to tell kernel developers that they're possibly using an untrusted pointer (or a pointer that may be invalid in the current virtual address mapping) improperly.link|edit|flag answered Dec 23 '10 at 18:59

Michael Burr
117k11123313




up vote
3
down vote
I think __user marks user space pointers and tells the developer/system not to trust it. If user gives you "invalid" pointer, then kernel tries to reference it (note that kernel can reference everywhere) and it can corrupt it's own space.

For example in "read"(in you usbdevice_fs.h) should provide you a (__user) buffer to write the result to. So you have to use copy_to_user, but not memcopy, strcpy or anything like this.

Note: This is not formal definition/description, but the only part I'm aware of.


__user로 선언된 변수는 dereference를 할 경우 어떤 동작을 일으킬지 모르는 것 같다.(untrusted pointer라는 문맥)  저렇게 함으로서 개발자(?)에게 __user로 선언된 변수를 deference하지 말라고 표시 하는 거 같다.

Posted by code cat