Linux 内核中的 copy_from_user 如何在内部工作? [英] How does copy_from_user from the Linux kernel work internally?

问题描述

copy_from_user() 函数在内部究竟是如何工作的?考虑到内核确实有权访问用户内存空间，它是否使用任何缓冲区或是否进行了任何内存映射?

How exactly does the copy_from_user() function work internally? Does it use any buffers or is there any memory mapping done, considering the fact that kernel does have the privilege to access the user memory space?

推荐答案

copy_from_user() 的实现高度依赖于架构.

The implementation of copy_from_user() is highly dependent on the architecture.

在 x86 和 x86-64 上，它只是从用户空间地址直接读取并写入内核空间地址，同时临时禁用 SMAP(管理模式访问保护)(如果已配置).其中棘手的部分是 copy_from_user() 代码被放置在一个特殊的区域中，以便页面错误处理程序可以识别其中何时发生错误.copy_from_user() 中发生的内存保护错误不会像由任何其他进程上下文代码触发那样杀死进程，也不会像发生在中断中那样使内核恐慌上下文 - 它只是在返回 -EFAULT 给调用者的代码路径中恢复执行.

On x86 and x86-64, it simply does a direct read from the userspace address and write to the kernelspace address, while temporarily disabling SMAP (Supervisor Mode Access Prevention) if it is configured. The tricky part of it is that the copy_from_user() code is placed into a special region so that the page fault handler can recognise when a fault occurs within it. A memory protection fault that occurs in copy_from_user() doesn't kill the process like it would if it is triggered by any other process-context code, or panic the kernel like it would if it occured in interrupt context - it simply resumes execution in a code path which returns -EFAULT to the caller.

这篇关于Linux 内核中的 copy_from_user 如何在内部工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！