Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: passing access rights
Message-ID: <14111@mimsy.UUCP>
Date: 22 Oct 88 15:34:29 GMT
References: <705@tub.UUCP>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 23

In article <705@tub.UUCP> net@tub.UUCP (Oliver Laumann) writes:
>...  Although the demonstration program attached
>to this article works fine under Integrated Solutions 4.3 BSD
>and SunOS 4.0, the calls to `sendmsg' and `recvmsg' both
>return "Bad address" under vanilla 4.3 BSD on a Microvax.
>I can't find the bug; all fields of the message structures
>passed to `sendmsg' and `recvmsg' are properly initialized.
>Unfortunately, the manual entries for these system calls
>do not indicate under what circumstances EFAULT is returned.

As it turns out, the problem is that copyin() may not do what was
intended if it is given a zero length.  In this case, it still probes
one page.  You can get the program to work by giving the address of
some object as `msg.msg_iov': msg.msg_iovlen can still be zero, but
msg.msg_iov must point to something.

Probably copyin() and copyout() should return zero (no error) when
asked to copy no bytes (as should bcopy()), and useracc and kernacc
should grant access to no bytes; then a number of tests for zero
lengths could be dropped elsewhere.
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris