Re: CVS commit: src/sys/dev

To: Michael Graff <explorer%flame.org@localhost>
Subject: Re: CVS commit: src/sys/dev
From: David Laight <david%l8s.co.uk@localhost>
Date: Sat, 4 Dec 2010 22:09:44 +0000

On Sat, Dec 04, 2010 at 03:50:25PM -0600, Michael Graff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I admit to a certain lack of understanding the twisty maze of pointers
> and memory mapping magic at play here, but is simply checking the length
> enough?  That is, what happens if I pass in a structure that is smaller
> than expected?
> 
> That is, is there a way to check the actual size of the data passed into
> the ioctl, rather than the field in the structure we expect, or is that
> done at a higher level?

The length of the program's buffer is unknown.
The kernel uses the high 16 bits of the ioctl command to indicate
whether to read/write (2 bits) and a length (14 bits).
If either control bit is set, the ioctl syscall stub will do the
copyin/out and pass the actual device driver a pointer to the
in-kernel buffer.
So the device driver can always access the buffer length implied
from the command.

To my mind this is a horrid hack :-)

        David

-- 
David Laight: david%l8s.co.uk@localhost

Follow-Ups:
- Re: CVS commit: src/sys/dev
  - From: Warner Losh

References:
- Re: CVS commit: src/sys/dev
  - From: Christos Zoulas
- Re: CVS commit: src/sys/dev
  - From: Michael Graff

Prev by Date: Re: CVS commit: src/sys/dev
Next by Date: Re: CVS commit: src/sys/dev
Previous by Thread: Re: CVS commit: src/sys/dev
Next by Thread: Re: CVS commit: src/sys/dev
Indexes:

Home | Main Index | Thread Index | Old Index