> I'm afraid, the cookie handling is not sufficient. At any rate userland
> memory access should only happen through user_memcpy().
> E.g. in user_get_next_port_info():
>
[snip]
>
> This can probably be simplified a bit by introducing template functions for
> dealing with reference variables copied from
> userland. They may look like this:
>
[snip]
>
> The latter does little, but provides a bit more type safety, which makes
> bugs like the one I just fixed in
> user_get_next_port_info() (info was copied into ucookie) less likely.
Okay, I'll adjust accordingly.
> [...]
> > @@ -538,11 +554,20 @@
> > // _kern_get_disk_device_data
> > status_t
> > _kern_get_disk_device_data(partition_id id, bool deviceOnly, bool shadow,
> > - user_disk_device_data *buffer, size_t
> > bufferSize,
> > + user_disk_device_data *_buffer, size_t
> > bufferSize,
> > size_t *neededSize)
> > {
> > - if (!buffer && bufferSize > 0)
> > + if (!_buffer && bufferSize > 0)
> > return B_BAD_VALUE;
> > +
> > + // copy in
> > + user_disk_device_data *buffer = bufferSize > 0
> > + ?
> > reinterpret_cast<user_disk_device_data*>(malloc(bufferSize))
>
> static_cast should be sufficient, BTW. No need for the sledgehammer. ;-)
I'm not sure I see how reinterpret_cast<> is a sledgehammer.
> However, we should be more careful here. Since bufferSize may have a huge
> value, we shouldn't malloc() kernel memory unchecked.
> So, either we set a reasonably great size constraint (100KB or so maybe) or
> do a dry run with the UserDataWriter to get the
> exactly required size. I'd prefer the latter solution.
Okay, I go for the latter.
[snip]
> Damn, I didn't think of that -- I'm afraid this doesn't work
> The problem is, that user_disk_device_data/user_partition_data make use of
> pointers into the same buffer, that would need to be
> relocated when copied back into the userland buffer.
>
> There are at least two solutions:
>
> 1) IIRC, Axel once mentioned, that one could lock userland memory and
> wouldn't need to do the copying into kernel memory and
> back, then. I don't remember what the status of this feature was.
> Unimplemented?
>
> 2) Relocate the pointers. It shouldn't be too hard to add the required
> relocation functionality to UserDataWriter and make the
> concerned classes use it.
>
> Given that the amount of memory to be copied is not that big (I guess
> usually less than 500 bytes per partition) solution 2)
> should be fine. Since I need the test working, I'll fix that as soon as I
> managed to track the compilation error down.
Okay.
-Tyler