Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How exactly does the copy_from_user() function work internally? Does it use any buffers or is there any memory mapping done, considering the fact that kernel does have the privilege to access the user memory space?
The implementation of
copy_from_user()is highly dependent on the architecture.On x86 and x86-64, it simply does a direct read from the userspace address and write to the kernelspace address, while temporarily disabling SMAP (Supervisor Mode Access Prevention) if it is configured. The tricky part of it is that the
copy_from_user()code is placed into a special region so that the page fault handler can recognise when a fault occurs within it. A memory protection fault that occurs incopy_from_user()doesn’t kill the process like it would if it is triggered by any other process-context code, or panic the kernel like it would if it occured in interrupt context – it simply resumes execution in a code path which returns-EFAULTto the caller.