Errata

Understanding the Linux Kernel

Errata for Understanding the Linux Kernel

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Version Location Description Submitted by Date submitted
PDF Page 37
Last two lines.

The lines say: "The value denotes the highest privilege level, while the value 3 denotes the lowest. Linux uses only levels and 3, which are respectively called Kernel Mode and User Mode."

Probably should read "The value 0 ..." and "Linux uses only levels 0 and 3,...".

I think "0" is missing in both places. Hope it is not a PDF error.

Thanks.

Avinash Kambil  Dec 26, 2010 
Printed Page 38
3rd bullet

The 20-bit Limit field denotes the segment length in "Granularity Units", not bytes. As described in the very next sentence, the segment length can range from 1 byte to 1MB, or from 4KB to 4GB, depending on the "G" granularity flag (which is described in the 2nd bullet).

Bruce Baumann  Aug 01, 2011 
Printed Page 50
last paragraph

0x2003ffff is the address in the example.

The first 10 bits of this address would be 1000000000 which is 512 not 128 as given in the example.

Am I wrong?

Anonymous  Nov 23, 2008 
Printed Page 50
Last paragraph

Never mind. The book is right. I am wrong. Please ignore my earlier message.

Anonymous  Nov 23, 2008 
PDF Page 76
silly_copy code sample

The code for silly_copy has a minor typo, the missing comma in "unsigned long len" (should be "unsigned long, len"). More serious is the ability to totally take down the Linux kernel from userland with this code since the buffer used is a limited size (the size of an unsigned long) and you copy data into it based on the user parameter. This is a security hole large enough to drive a space shuttle through :-)

The following code, as posted at http://stackoverflow.com/questions/6515227/source-code-example-from-linux-kernel-programming/6515426#6515426, has fixed both these problems; it is reproduced below to make this note complete.

#include <linux/syscalls.h>
#include <linux/uaccess.h>

SYSCALL_DEFINE3(silly_copy,
                unsigned long *, src,
                unsigned long *, dst,
                unsigned long, len)
{
        unsigned long buf[64];                  /* Buffer for chunks */
        unsigned long lenleft = len;            /* Remaining size in bytes */
        unsigned long chunklen = sizeof(buf);   /* Initial chunk length in bytes */

        /* Loop handling chunk sizes */
        while (lenleft > 0) {
                /* Change chunk length on last chunk */
                if (lenleft < chunklen)
                        chunklen = lenleft;

                /* copy src(user) to buf(kernel) then dst(user) */
                if (copy_from_user(buf, src, chunklen))
                        return -EFAULT;
                if (copy_to_user(dst, buf, chunklen))
                        return -EFAULT;

                /*
                 * Adjust pointers and remaining size. chunklen is a byte
                 * count, so step through char pointers; adding it to an
                 * unsigned long pointer would advance sizeof(unsigned long)
                 * times too far.
                 */
                src = (unsigned long *)((char *)src + chunklen);
                dst = (unsigned long *)((char *)dst + chunklen);
                lenleft -= chunklen;
        }

        /* return amount of data copied */
        return len;
}

Anonymous  Jun 28, 2011
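
Added example, not part of the errata submission, the Stack Overflow answer or the book: a user-space C model of the chunked copy described in the silly_copy note above, so the bounded buffer use and the fault path can be exercised outside a kernel. The arena and the names model_from_user, model_to_user, silly_copy_model and ulong_ptr_stride are hypothetical; the two model helpers only imitate the return convention of copy_from_user() and copy_to_user().

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];  /* constructed stand-in for user memory */
static size_t max_chunk;                 /* largest single copy into buf */

/* Range check standing in for the kernel's user-pointer validation. */
static int range_ok(size_t off, size_t n)
{
    return off <= ARENA_SIZE && n <= ARENA_SIZE - off;
}

/* Hypothetical models of copy_from_user()/copy_to_user(): like the kernel
 * helpers, they return the number of bytes NOT copied (0 on success). */
static size_t model_from_user(void *to, size_t from, size_t n)
{
    if (!range_ok(from, n)) return n;
    memcpy(to, arena + from, n);
    return 0;
}

static size_t model_to_user(size_t to, const void *from, size_t n)
{
    if (!range_ok(to, n)) return n;
    memcpy(arena + to, from, n);
    return 0;
}

/* Chunked copy: buf never receives more than sizeof(buf) bytes, whatever len is. */
long silly_copy_model(size_t src, size_t dst, size_t len)
{
    unsigned long buf[64];
    size_t left = len, chunk = sizeof(buf);

    while (left > 0) {
        if (left < chunk) chunk = left;              /* short final chunk */
        if (chunk > max_chunk) max_chunk = chunk;
        if (model_from_user(buf, src, chunk)) return -EFAULT;
        if (model_to_user(dst, buf, chunk)) return -EFAULT;
        src += chunk; dst += chunk; left -= chunk;   /* byte offsets, byte stride */
    }
    return (long)len;
}

/* Bytes skipped when an unsigned long pointer is advanced by n (n <= 65). */
size_t ulong_ptr_stride(size_t n)
{
    static unsigned long probe[65];
    return (size_t)((char *)(probe + n) - (char *)probe);
}
```

ulong_ptr_stride shows why a byte count must not be added directly to an unsigned long pointer: the pointer moves n * sizeof(unsigned long) bytes, not n.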