On 2003-09-27 at 16:11:02 [+0200], Axel Dörfler wrote: > Ingo Weinhold <bonefish@xxxxxxxxxxxxxxx> wrote: > > I'm afraid, the cookie handling is not sufficient. At any rate > > userland memory access should only happen through user_memcpy(). > > E.g. in user_get_next_port_info(): > > > > if ((addr)ucookie >= KERNEL_BASE && (addr)ucookie <= KERNEL_TOP) > > return ERR_VM_BAD_USER_MEMORY; > > We even have a handy macro for this: > if (!CHECK_USER_ADDRESS(userCookie)) > return B_BAD_ADDRESS; Ah, right, I vaguely remember having seen this one before. :-) > Please don't use the ERR_xxx style error codes anymore, they will be > phased out until R1. Sure, I was just too lazy to look up the right error code (though it's name is not really a surprise :-). ;-) [...] > > There are at least two solutions: > > > > 1) IIRC, Axel once mentioned, that one could lock userland memory > > and wouldn't need to do the copying into kernel memory and > > back, then. I don't remember what the status of this feature was. > > Unimplemented? > > In the current VM, this is not implemented, right. But even BeOS does > this, so we could do this, too (right now, there is no swap file, so > nothing is paged out anyway). But of course, those pointers would only > be valid in the current thread context, other kernel threads might not > be able to access it. That would be sufficient in this case. > > 2) Relocate the pointers. It shouldn't be too hard to add the > > required > > relocation functionality to UserDataWriter and make the concerned > > classes use it. > > That might be a good idea. Do we need to have pointers there, anyway? Probably even `need'. For name, content name, type and content type of a partition we could use fixed sized char arrays (though that would waste quite a lot of memory), but parameters and content parameters have no size restrictions. Offsets relative to the beginning of the buffer could be used, but that would be quite inconvenient. The pointer solution is quite OK, I think. CU, Ingo