I have an IOCTL defined something like this:
_IOWR (0xfe, (30<<3 + 0), __u8 [696])
I'm really passing in a structure of size 696 (does that matter)?
When I make the copy from user call:
    if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
        printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
               ret, sizeof(reqconf));
        return ret;
    }
I see this printed out:
ERROR: copy_from_user returned: 696, sizeof(reqconf): 696
According to some docs I saw on the web, it should return 0, or the
number it has left to copy. So, why does it have 696 bytes left
to copy??
Thanks,
Ben
--
Ben Greear <[email protected]> <Ben_Greear AT excite.com>
President of Candela Technologies Inc http://www.candelatech.com
ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear
Ben Greear wrote:
>
> I have an IOCTL defined something like this:
>
> _IOWR (0xfe, (30<<3 + 0), __u8 [696])
>
> I'm really passing in a structure of size 696 (does that matter)?
>
> When I make the copy from user call:
>
>     if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
>         printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
>                ret, sizeof(reqconf));
>         return ret;
>     }
>
> I see this printed out:
>
> ERROR: copy_from_user returned: 696, sizeof(reqconf): 696
>
> According to some docs I saw on the web, it should return 0, or the
> number it has left to copy. So, why does it have 696 bytes left
> to copy??
Because it couldn't copy any of the data? The code I have seen
generally returns -EFAULT in that case.
Could you be trying to copy data from somewhere that the user does not
have permission to read? Can you verify that both pointers are valid?
&reqconf should be in the kernel's memory space and arg should be a
pointer provided by the user-space app pointing to memory in userland.
You might want to get the Linux Device Drivers book... the 2nd ed. is
out.
HTH,
Eli
--------------------. "If it ain't broke now,
Eli Carter \ it will be soon." -- crypto-gram
eli.carter(a)inet.com `-------------------------------------------------
From: Ben Greear <[email protected]>
Date: Thu, 14 Feb 2002 19:10:20 -0700
When I make the copy from user call:
    if ((ret = copy_from_user(&reqconf, arg, sizeof(reqconf)))) {
        printk("ERROR: copy_from_user returned: %i, sizeof(reqconf): %i\n",
               ret, sizeof(reqconf));
        return ret;
    }
I see this printed out:
ERROR: copy_from_user returned: 696, sizeof(reqconf): 696
Either:
1) 'arg' is a bogus userland pointer
or
2) 'arg' is a valid userland pointer, but someone has done a
set_fs(KERNEL_DS) so only kernel pointers are valid for user
copies.
A lot of the "32-bit userland on 64-bit kernel" compatibility layers
work by doing #2. They munge the 32-bit user structures into kernel
side copies, and do set_fs(KERNEL_DS) and pass in the pointers to the
kernel copies to the real syscall then finally restore things back to
USER_DS.
copy_{to,from}_user always return, as you correctly noted, the amount
of data that could not be copied or "0" for success. That is why all
code does something like this:
    err = 0;
    if (copy_{to,from}_user(...))
        err = -EFAULT;
I don't know where some people get the idea that copy_{to,from}_user
should return -EFAULT on failure. Maybe some port is buggy :-)
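
Added example, not part of the original thread: a user-space C model of the return convention discussed above, comparing the handler as posted with the -EFAULT idiom from the last reply. model_copy_from_user(), user_mem and the two ioctl_* functions are hypothetical stand-ins; the real copy_from_user() exists only inside the kernel.

```c
/* User-space model, added example. model_copy_from_user() is a stand-in
 * for the kernel's copy_from_user(), not the real implementation. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_SIZE 696                      /* structure size from the thread */
static unsigned char user_mem[1024];      /* constructed "valid userland" range */

/* Copy what is readable; return the number of bytes NOT copied (0 = success). */
static unsigned long model_copy_from_user(void *to, const void *from, unsigned long n)
{
    uintptr_t p = (uintptr_t)from, lo = (uintptr_t)user_mem, hi = lo + sizeof(user_mem);
    unsigned long ok = 0;

    if (p >= lo && p < hi)
        ok = (hi - p < n) ? (unsigned long)(hi - p) : n;
    if (ok)
        memcpy(to, from, ok);
    return n - ok;
}

/* As posted: the residual byte count is returned to the caller unchanged. */
static long ioctl_as_posted(const void *arg)
{
    unsigned char reqconf[REQ_SIZE];
    unsigned long ret = model_copy_from_user(reqconf, arg, sizeof(reqconf));
    return ret ? (long)ret : 0;
}

/* Idiom from the reply: any non-zero residual is reported as -EFAULT. */
static long ioctl_fixed(const void *arg)
{
    unsigned char reqconf[REQ_SIZE];
    if (model_copy_from_user(reqconf, arg, sizeof(reqconf)))
        return -EFAULT;
    return 0;
}

int main(void)
{
    const void *straddle = user_mem + sizeof(user_mem) - 100; /* 100 readable bytes */
    printf("bogus:    posted=%ld fixed=%ld\n", ioctl_as_posted(NULL), ioctl_fixed(NULL));
    printf("straddle: posted=%ld fixed=%ld\n", ioctl_as_posted(straddle), ioctl_fixed(straddle));
    printf("valid:    posted=%ld fixed=%ld\n", ioctl_as_posted(user_mem), ioctl_fixed(user_mem));
    return 0;
}
```

In the posted form the caller gets a positive number (696, or 596 when only part of the buffer is readable), which a user-space ioctl() caller sees as a successful return value rather than an error, while reqconf was never fully filled in.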