IOCtl argument check

Subhashini Rao Beerisetty subhashbeerisetty at gmail.com
Mon Sep 17 10:48:31 EDT 2018


Hi All,



Can someone clarify the IOCtl argument check for me?



Kernel code has a few IOCtls with a pointer to a structure as an argument.
For example, please consider the IOCtls mentioned below.



#define MB862XX_L1_SET_CFG _IOW(MB862XX_BASE, 1, struct mb862xx_l1_cfg*)

#define MB862XX_L1_GET_CFG _IOR(MB862XX_BASE, 0, struct mb862xx_l1_cfg*)

#define AGPIOC_INFO _IOR (AGPIOC_BASE, 0, struct agp_info*)



If user space passes a structure object instead of a pointer to the struct, what
should be the return value from kernel code?



How to debug this kind of scenario if copy_{to,from}_user returns
success (i.e. “0”)?



The IOCtls are represented in 32 bits. Out of these, 13 bits (bits 29-16)
are reserved for the size of the argument. If user space passes an object instead
of a pointer, and assuming the size of the structure is not equal to the size of the
pointer, then IOCtl decoding should result in a different value, right? So in
this case, does the user space IOCtl call the corresponding driver IOCtl
function?



Thanks
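
An added example, not part of the original post or of any kernel driver: it rebuilds the asm-generic ioctl number layout in user space to show that the size field is fixed at compile time by the type named in the macro, so a number built with the struct type differs from one built with the pointer type. All DEMO_ names, struct demo_cfg, the magic 'M' and the dispatch stub are hypothetical; returning -ENOTTY for an unrecognised command is the usual driver convention, assumed here.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* asm-generic field layout: nr[7:0] type[15:8] size[29:16] dir[31:30] */
#define DEMO_NRSHIFT   0
#define DEMO_TYPESHIFT 8
#define DEMO_SIZESHIFT 16
#define DEMO_DIRSHIFT  30
#define DEMO_SIZEMASK  0x3fffu
#define DEMO_WRITE     1u /* direction used by _IOW */

#define DEMO_IOC(dir, type, nr, size)                  \
    (((uint32_t)(dir)  << DEMO_DIRSHIFT)  |            \
     ((uint32_t)(size) << DEMO_SIZESHIFT) |            \
     ((uint32_t)(type) << DEMO_TYPESHIFT) |            \
     ((uint32_t)(nr)   << DEMO_NRSHIFT))
/* The size field is sizeof(argtype), evaluated when the macro is compiled. */
#define DEMO_IOW(type, nr, argtype) \
    DEMO_IOC(DEMO_WRITE, type, nr, sizeof(argtype))

struct demo_cfg { uint32_t field[6]; }; /* hypothetical 24-byte config */
#define DEMO_BASE 'M'                   /* assumed magic number */

/* Same base and nr, declared with the pointer type and with the struct type. */
#define DEMO_SET_CFG_PTR DEMO_IOW(DEMO_BASE, 1, struct demo_cfg *)
#define DEMO_SET_CFG_OBJ DEMO_IOW(DEMO_BASE, 1, struct demo_cfg)

static uint32_t demo_ioc_size(uint32_t cmd)
{
    return (cmd >> DEMO_SIZESHIFT) & DEMO_SIZEMASK;
}

/* Stand-in for a driver's ioctl switch, which only knows the pointer form. */
static int demo_dispatch(uint32_t cmd)
{
    switch (cmd) {
    case DEMO_SET_CFG_PTR:
        return 0;
    default:
        return -ENOTTY; /* command number not recognised */
    }
}

int main(void)
{
    printf("ptr form: 0x%08x size=%u -> %d\n", (unsigned)DEMO_SET_CFG_PTR,
           (unsigned)demo_ioc_size(DEMO_SET_CFG_PTR), demo_dispatch(DEMO_SET_CFG_PTR));
    printf("obj form: 0x%08x size=%u -> %d\n", (unsigned)DEMO_SET_CFG_OBJ,
           (unsigned)demo_ioc_size(DEMO_SET_CFG_OBJ), demo_dispatch(DEMO_SET_CFG_OBJ));
    return 0;
}
```

The third argument passed to ioctl() at run time does not enter the command number at all; only the type written in the macro does.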