Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the implications of the linux __user macro?

Tags:

c

macros

linux-kernel

kernel

I was hoping someone could explain the nuances of the __user macro used in the linux kernel source.

First of all, the macro:

# define __user         __attribute__((noderef, address_space(1)))

Now, after some googling I read that this macro allows one to designate a pointer as belonging to the user address space, and that it should not be dereferenced.

I may be missing some obvious facts, but could someone please explain the implications of such a macro? For instance, what is a good example of where this macro would be of use? Again, forgive me if I am missing something obvious.

To put this in some context, I came accross the macro while examining some USB code (linux/usbdevice_fs.h). I am only looking for a general understanding of this macros( or others like it) use within the kernel.

Thanks for looking!

like image 288
Mr. Shickadance Avatar asked Dec 23 '10 18:12

Mr. Shickadance

People also ask

What is __ user in Linux?

The __user macro is defined with some other macros like __force / __kernel etc in the compiler. h header file. They are actually not of any use to traditional compilers, including GCC/ICC etc. But it's useful for kernel static analysis tools like sparse (more information here: Sparse - Linux Kernel Newbies).

How does copy to user work?

A copy to or from user space is executed by the kernel code that is executing on behalf of the process and actually it's the memory mapping (i.e. page tables) of that process that are in-use during the copy. This takes place while execution is in kernel mode - i.e. privileged/supervisor mode in x86 language.

2 Answers

It allows tools like sparse to tell kernel developers that they're possibly using an untrusted pointer (or a pointer that may be invalid in the current virtual address mapping) improperly.

like image 199
Michael Burr Avatar answered Oct 28 '22 11:10

Michael Burr

I think __user marks user space pointers and tells the developer/system not to trust it. If user gives you "invalid" pointer, then kernel tries to reference it (note that kernel can reference everywhere) and it can corrupt it's own space.

For example in "read"(in you usbdevice_fs.h) should provide you a (__user) buffer to write the result to. So you have to use copy_to_user, but not memcopy, strcpy or anything like this.

Note: This is not formal definition/description, but the only part I'm aware of.

like image 24
Azho KG Avatar answered Oct 28 '22 12:10

Azho KG
Sign in to Comment

Related questions

How do you check if a directory exists on Windows in C?
Is NULL always false?
why does long long 2147483647 + 1 = -2147483648? [duplicate]
How can I print the result of sizeof() at compile time in C?
Makefile to compile multiple C programs?
How can I read an input string of unknown length?
How do you declare string constants in C?
Why does gcc allow arguments to be passed to a function defined to be with no arguments?
Bitwise operators and "endianness"
Performance of built-in types : char vs short vs int vs. float vs. double
What's the Use of '\r' escape sequence?
Disadvantages of scanf
Loop with a zero execution time
Can I assume the size of long int is always 4 bytes?
C - determine if a number is prime
Bind failed: Address already in use
How can I break out of two nested for loops in Objective-C?
Is there a reason why not to use link-time optimization (LTO)?
How does dereferencing of a function pointer happen?
Why must a short be converted to an int before arithmetic operations in C and C++?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!