return value of copy_from_user()

Question

Here is the description of the return value.

unsigned long copy_from_user
    (void *to, const void __user *from, unsigned long count)

The return value is the amount of memory still to be copied.

What does it really mean? If the return value is 5, are (count-5) bytes copied? What is the reason that (count-5) bytes are copied only? Is it because size of to is smaller than from (the system should be crashed then, right)?

Answer 1

The copy_from_user function can fail for various reasons (typically because of an invalid address), copying only part of the requested data, or even none of it.

There's a convention (not quite universally followed) of functions returning 0 to denote success. In the case of copy_from_user, defining the result as the number of bytes not copied allows it to follow this convention with a fairly simple rule.

Intuitively, it might make more sense for it to return the number of bytes actually copied, but the way it's defined allows code that uses it to test for errors in a similar manner as for other functions that return 0 on success. (And in many cases, it doesn't matter how many bytes it failed to copy; any non-zero result is just an error.)

If it returns a non-zero value that's less than count, indicating a partial copy, it probably means that the user-space memory buffer starts within the user process's address space but extends beyond the end of it.