Qualcomm Interview Question
Software Engineer / DevelopersCountry: United States
copy_from_user() is usually used when writing certain device drivers. Note that there is no "mapping" of bytes here, the only thing that is happening is the copying of bytes from a certain virtual location mapped in user-space to bytes in a location in kernel-space. This is done to enforce separation of kernel and user and to prevent any security flaws -- you never want the kernel to start accessing and reading arbitrary user memory locations or vice-versa. That is why arguments and results from syscalls are copied to/from the user before they actually run.
h-t-t-p://stackoverflow.com/questions/12925339/the-implementation-of-copy-from-user
User memory is untrusted.
It is possible that a thread doing a syscall will get scheduled out after validating the user memory but before actually completing the syscall. A different process thread might now replace the user memory with a different one, invalidating the memory. (Or if it is a multiprocessor machine...)
In order to be secure/correct, trying to validate the memory on each switch is pointless. In fact, should we allow the memory to change? Making a copy first is better in terms of security and (eventual) performance etc.
Also a memcopy may not work for all the architectures.
Also the user may pass something junk, so some sanity check on the address .. etc
what do you guys say
One correction :) When a process gets scheduled out just before completing copy_from_user() and then gets scheduled back in, at that point the address space doesn't belong to last process that ran on that CPU. It actually belongs to the process that was scheduled out. This is because during a process switch, CR3 register (on x86 and AMD64) is restored. This register points to page global directory, the top level page table. Hence full address space of the process being switched-in is restored. So copy_from_user() will resume normally.
copy_from_user() is required because, user memory page can be swapped. This will create the problem if user memory is provided to DMA of some device driver.
If kernel provided the user memory to device driver and called scheduler. Scheduler might schedule new task which can swap out the page containing the user memory given to device driver. If the device driver DMA starts at this moment, then it will read the wrong data.
one of the major requirement in system call implementation is to check the validity of user parameter pointer passed as argument, kernel should not blindly follow the user pointer as the user pointer can play tricks in many ways. Major concerns are: 1. it should be a pointer from that process address space - so that it cant get into some other process address space. 2. it should be a pointer from user space - it should not trick to play with a kernel space pointer. 3. it should not bypass memory access restrictions.
- ritesh ghosh May 22, 2013that is why copy_from_user() is performed. It is blocking and process sleeps until page fault handler can bring the page from swap file to physical memory.