Subject: IOCTL implementation and kernel/userland addresses
To: None <tech-kern@netbsd.org>
From: Reinoud Zandijk <reinoud@netbsd.org>
List: tech-kern
Date: 02/04/2005 18:36:08
Dear folks,
recently I stumbled on the following problem: the CDIOREADTOCENTRYS ioctl,
e.g., can only be called from userland due to the explicit use of
copyout() when returning the data read.
	case CDIOREADTOCENTRYS: {
		struct cd_toc toc;
		struct ioc_read_toc_entry *te =
		    (struct ioc_read_toc_entry *)addr;
		struct ioc_toc_header *th;
		struct cd_toc_entry *cte;
		u_int len = te->data_len;
		int ntracks;

		th = &toc.header;
		...
		len = min(len, th->len - (sizeof(th->starting_track) +
		    sizeof(th->ending_track)));
		return (copyout(toc.entries, te->data, len));
	}
I.e. the CDIOREADTOCENTRYS ioctl can only be called from userland. Isn't an
ioctl implementation supposed to allow both userland and kernel-space calls?
Shouldn't the implementation of CDIOREADTOCENTRYS examine the `struct proc *'
argument to the ioctl handler? And when equal to NULL use a `memcpy'
instead? Or use `copyout_proc' or a variant that has the proc* as
argument too, which can then decide to use copyout or memcpy?
Cheers,
Reinoud
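The following is an added example, not NetBSD code and not part of the message above. It models in plain userland C the two points the message raises: a handler that calls copyout() unconditionally fails for a kernel caller whose destination is a kernel buffer, while a proc-aware variant (the hypothetical `copyout_proc()` the message proposes, taking a `struct proc *` that is NULL for kernel callers) works for both; and the `min()` clamp against `th->len` keeps a user-supplied `data_len` from reading past `toc.entries`. The "user address space" is a single static buffer, the simulated copyout() returns EFAULT for anything outside it, the cd(4) structures are simplified look-alikes, and the TOC contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct proc { int pid; };                 /* stand-in for the kernel's struct proc */

/* Simplified look-alikes of the cd(4) structures quoted in the message. */
#define MAXTRACK 100
struct ioc_toc_header { uint16_t len; uint8_t starting_track; uint8_t ending_track; };
struct cd_toc_entry { uint8_t track; uint8_t pad[3]; uint32_t addr; };     /* 8 bytes */
struct cd_toc { struct ioc_toc_header header; struct cd_toc_entry entries[MAXTRACK]; };
struct ioc_read_toc_entry {
	uint8_t address_format; uint8_t starting_track;
	uint16_t data_len; struct cd_toc_entry *data;
};

/* Simulated "user address space": exactly one buffer. Anything outside it is
 * a kernel address as far as the simulated copyout() is concerned. */
static struct cd_toc_entry user_buf[MAXTRACK];
static struct cd_toc_entry kernel_buf[MAXTRACK];   /* a kernel-side destination */

/* Simulated copyout(): EFAULT unless [uaddr, uaddr+len) lies in user_buf. */
static int sim_copyout(const void *kaddr, void *uaddr, size_t len)
{
	uintptr_t base = (uintptr_t)user_buf, u = (uintptr_t)uaddr;
	if (u < base || len > base + sizeof user_buf - u)
		return EFAULT;
	memcpy(uaddr, kaddr, len);
	return 0;
}

/* Hypothetical helper from the message: memcpy() for kernel callers
 * (p == NULL), copyout() for userland callers. */
static int copyout_proc(struct proc *p, const void *kaddr, void *dst, size_t len)
{
	if (p == NULL) { memcpy(dst, kaddr, len); return 0; }
	return sim_copyout(kaddr, dst, len);
}

/* Fill a constructed TOC with ntracks entries and apply the handler's clamp:
 * th->len counts the two track bytes plus the entries, so the caller's
 * requested length can never exceed what toc->entries actually holds. */
static size_t build_toc(struct cd_toc *toc, int ntracks, unsigned int requested)
{
	struct ioc_toc_header *th = &toc->header;
	size_t avail;
	memset(toc, 0, sizeof *toc);
	for (int i = 0; i < ntracks; i++) {
		toc->entries[i].track = (uint8_t)(i + 1);
		toc->entries[i].addr = 150u + 4500u * (uint32_t)i;   /* synthetic LBAs */
	}
	th->starting_track = 1;
	th->ending_track = (uint8_t)ntracks;
	th->len = (uint16_t)(sizeof th->starting_track + sizeof th->ending_track +
	    (size_t)ntracks * sizeof(struct cd_toc_entry));
	avail = th->len - (sizeof th->starting_track + sizeof th->ending_track);
	return requested < avail ? requested : avail;          /* the min() */
}

/* The handler as quoted: copyout() unconditionally. */
static int toc_ioctl_copyout_only(struct ioc_read_toc_entry *te, int ntracks, size_t *copied)
{
	struct cd_toc toc;
	*copied = build_toc(&toc, ntracks, te->data_len);
	return sim_copyout(toc.entries, te->data, *copied);
}

/* The proc-aware variant the message proposes. */
static int toc_ioctl_proc_aware(struct proc *p, struct ioc_read_toc_entry *te,
    int ntracks, size_t *copied)
{
	struct cd_toc toc;
	*copied = build_toc(&toc, ntracks, te->data_len);
	return copyout_proc(p, toc.entries, te->data, *copied);
}

/* Kernel caller, kernel destination, copyout-only handler: EFAULT. */
static int demo_kernel_caller_copyout_only(void)
{
	struct ioc_read_toc_entry te = { .data_len = sizeof kernel_buf, .data = kernel_buf };
	size_t n;
	return toc_ioctl_copyout_only(&te, 3, &n);
}

/* Same kernel caller with p == NULL against the proc-aware handler: 0 on
 * success with the three entries landing in kernel_buf, -1 otherwise. */
static int demo_kernel_caller_proc_aware(void)
{
	struct ioc_read_toc_entry te = { .data_len = sizeof kernel_buf, .data = kernel_buf };
	size_t n = 0;
	memset(kernel_buf, 0, sizeof kernel_buf);
	if (toc_ioctl_proc_aware(NULL, &te, 3, &n) != 0)
		return -1;
	return (n == 3 * sizeof(struct cd_toc_entry) && kernel_buf[2].track == 3 &&
	    kernel_buf[2].addr == 9150u) ? 0 : -1;
}

/* Userland caller asking for 60000 bytes of a 3-track TOC: the clamp
 * returns 24 (3 entries of 8 bytes), not the requested length. */
static size_t demo_user_caller_clamped(void)
{
	struct proc p = { .pid = 42 };
	struct ioc_read_toc_entry te = { .data_len = 60000, .data = user_buf };
	size_t n = 0;
	if (toc_ioctl_proc_aware(&p, &te, 3, &n) != 0)
		return 0;
	return n;
}

/* Userland caller handing in a kernel pointer: copyout() still rejects it. */
static int demo_user_caller_kernel_pointer(void)
{
	struct proc p = { .pid = 42 };
	struct ioc_read_toc_entry te = { .data_len = 16, .data = kernel_buf };
	size_t n;
	return toc_ioctl_proc_aware(&p, &te, 3, &n);
}

int main(void)
{
	printf("kernel caller, copyout only : %d (EFAULT=%d)\n", demo_kernel_caller_copyout_only(), EFAULT);
	printf("kernel caller, proc aware   : %d\n", demo_kernel_caller_proc_aware());
	printf("user caller, clamped bytes  : %zu\n", demo_user_caller_clamped());
	printf("user caller, kernel pointer : %d\n", demo_user_caller_kernel_pointer());
	return 0;
}
```

The dispatch on `p == NULL` only helps if kernel callers really do pass NULL; the last demo is the check that matters for userland callers, which must never be able to steer the copy at a kernel address whichever branch is taken.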