From owner-freebsd-hackers@FreeBSD.ORG Mon Jan 21 00:59:46 2013 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 42B1D1E9 for ; Mon, 21 Jan 2013 00:59:46 +0000 (UTC) (envelope-from mdf356@gmail.com) Received: from mail-qc0-f173.google.com (mail-qc0-f173.google.com [209.85.216.173]) by mx1.freebsd.org (Postfix) with ESMTP id D8658E80 for ; Mon, 21 Jan 2013 00:59:45 +0000 (UTC) Received: by mail-qc0-f173.google.com with SMTP id b12so3523979qca.32 for ; Sun, 20 Jan 2013 16:59:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=k9zI6O/9NZZVxXr5r2kiEDFUWs93gMu8Eesx55GYS3I=; b=pPN+A+XqO/U8asbbdURiyiVa9u98xi0aeEqdcQV4sVKaRPrNoPH4eTpu2q1IJLCU4v 7uqz1oA6ThWv14JfrAUfQLSVCb53HUIBN4mP6KF/kFr+t26TgNrpaAYjt84cyFUyg4Hg kKhqaSJq/pb3XZJaTeJHU/7YLCIAdSCZ3+CheTyFloLTLNjvqK+SD6V/l/n1JFxbLaqk Km42SBn85gA4u+e52K6xUdi6tTRiZEC33DSR/u1frtSKrGc9IHrwzKpN0k5jplsffxrL FJUDj4TtHi3ixtkovjLmr/npS4QKoYPDyIwI23F3LdXIGoDAO1ZuxytvYmMN67TkU+tg SMyg== MIME-Version: 1.0 X-Received: by 10.229.77.13 with SMTP id e13mr4173030qck.69.1358729979427; Sun, 20 Jan 2013 16:59:39 -0800 (PST) Sender: mdf356@gmail.com Received: by 10.229.156.18 with HTTP; Sun, 20 Jan 2013 16:59:39 -0800 (PST) In-Reply-To: <50FC7767.4050207@rawbw.com> References: <50FC7767.4050207@rawbw.com> Date: Sun, 20 Jan 2013 16:59:39 -0800 X-Google-Sender-Auth: KjrsqUxlShXlXyzk1QeBZo0sC9c Message-ID: Subject: Re: How to validate the variable size memory block in ioctl handler? From: mdf@FreeBSD.org To: Yuri Content-Type: text/plain; charset=ISO-8859-1 Cc: hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2013 00:59:46 -0000 On Sun, Jan 20, 2013 at 3:01 PM, Yuri wrote: > I am implementing an ioctl that reads/writes variable size structure. > Allocated size is supplied by the caller in the structure itself. > struct my_struct { > int len; // allocated size > other_struct s[1]; > }; > ioctl request id is defined as _IOWR('X', , my_struct) > > How to validate from the ioctl function handler (for some device) that the > whole (variable size) block of bytes is RW accessible in the process memory > space? > Should I call copyout/copyin for this, or there is some shorter way? > EFAULT should be returned in case of validation failure. > > As I understand, macros like _IOR, _IOWR do validation based on the size of > structure supplied to them. So that the handler procedures don't have to do > that. > I was expecting to find among them some macro that would work for such > variable size structure, but it isn't there. (Not sure if this is possible > language-wise). You'll need to pass in more than the above, probably, as the kernel's ioctl() function has copied in the specified number of bytes already. I.e. the value passed to your ioctl handler is already in the kernel space, and unless it's 4 bytes, was malloc(9)'d and copyin'd (if it's an IN parameter). The size used is the size passed to the _IOC() macro. To do what you want it sounds like you want your handler to take something like: struct var_ioctl { int len; void *data; }; Then then handler itself would have to use copyin/copyout to access the data. There's no simpler way. Cheers, matthew