On Fri, Jan 10, 2014 at 05:14, Miod Vallat wrote:
>> The only caller of kcopy is uiomove. There is no way a function like
>> this can ever work. If you need to rely on your copy function to save
>> you from pointers outside the address space, it means you don't know
>> what garbage you're passing it. Meaning you may well be passing it
>> pointers inside the address space, but to something unexpected, which
>> you will then shit on.
>>
>> Replace with memcpy.
>
> Vetoed.
>
> kcopy() is not only used to move data from the kernel data section to
> the kernel data section.
>
> It is used to move data *within the kernel address space* to data
> *within the kernel address space*. Think dd if=/dev/mem ...
Isn't that an example of kernel address space to userland? I did dig around a bit into uvm_io and callers, but didn't see anything that depended on kcopy fault protection. There were some comments indicating it is perhaps a holdover from swappable upage?