From owner-freebsd-hackers@FreeBSD.ORG  Fri Apr 30 08:52:39 2010
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1EAB71065670
	for <freebsd-hackers@freebsd.org>; Fri, 30 Apr 2010 08:52:39 +0000 (UTC)
	(envelope-from gljennjohn@googlemail.com)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.159])
	by mx1.freebsd.org (Postfix) with ESMTP id 972228FC15
	for <freebsd-hackers@freebsd.org>; Fri, 30 Apr 2010 08:52:38 +0000 (UTC)
Received: by fg-out-1718.google.com with SMTP id l26so309fgb.13
	for <freebsd-hackers@freebsd.org>; Fri, 30 Apr 2010 01:52:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:cc:subject
	:message-id:in-reply-to:references:reply-to:x-mailer:mime-version
	:content-type:content-transfer-encoding;
	bh=tSebT9U9NRFtBC0PlptiwNiyJMXlrr5hUDBZK9kvCF0=;
	b=Zy+Xgj0Vuk66kEs3RJ1PrWXKP1LxVxW+HH41NxoVf8qo11aKnzcrgRox8H9P19I5cZ
	AfAMw7VVGWtoF8gxuIQbYGHK6Vy94JgdmjkJbmqL5uIxuo9B2bRGFbsxForpzQPZSMip
	v/9saMFBtfeWwWzI8eyw7f8ON0zeUr2FAq918=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma;
	h=date:from:to:cc:subject:message-id:in-reply-to:references:reply-to
	:x-mailer:mime-version:content-type:content-transfer-encoding;
	b=L1K3l0P+ASO2orUncYkhRoO/RoN3BFxtN0gIEbJH54DEPXbcPgh40rlWC8QxZI3sP/
	/ti5LCe8hqfgbav+v+UcUkZF3xAyCao5KznzrALyMun/jCKzcUfZQ0zYV/dZduszbiMT
	RhgoAzydXykkCt6qUHTZ5X6f+l3FL/EqM03gs=
Received: by 10.87.2.15 with SMTP id e15mr3502191fgi.23.1272617551879;
	Fri, 30 Apr 2010 01:52:31 -0700 (PDT)
Received: from ernst.jennejohn.org (p57AE0288.dip0.t-ipconnect.de
	[87.174.2.136])
	by mx.google.com with ESMTPS id 2sm2473769fks.42.2010.04.30.01.52.30
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Fri, 30 Apr 2010 01:52:30 -0700 (PDT)
Date: Fri, 30 Apr 2010 10:52:29 +0200
From: Gary Jennejohn <gljennjohn@googlemail.com>
To: "=?ISO-8859-15?Q?Luk=E1=A8?= Czerner" <czerner.lukas@gmail.com>
Message-ID: <20100430105229.57dec4f2@ernst.jennejohn.org>
In-Reply-To: <alpine.DEB.1.10.1004292320540.30007@a04-0215a.kn.vutbr.cz>
References: <alpine.DEB.1.10.1004291938210.30007@a04-0215a.kn.vutbr.cz>
	<201004291418.09768.jhb@freebsd.org>
	<alpine.DEB.1.10.1004292114360.30007@a04-0215a.kn.vutbr.cz>
	<201004291606.35899.jhb@freebsd.org>
	<alpine.DEB.1.10.1004292220170.30007@a04-0215a.kn.vutbr.cz>
	<alpine.DEB.1.10.1004292256580.30007@a04-0215a.kn.vutbr.cz>
	<x2sbc2d971004291419o546d8895vd4fcab2ee15f37b9@mail.gmail.com>
	<alpine.DEB.1.10.1004292320540.30007@a04-0215a.kn.vutbr.cz>
X-Mailer: Claws Mail 3.7.5 (GTK+ 2.18.7; amd64-portbld-freebsd9.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-hackers@freebsd.org, Ryan Stone <rysto32@gmail.com>
Subject: Re: ioctl, copy string from user
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: gljennjohn@googlemail.com
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 08:52:39 -0000

On Thu, 29 Apr 2010 23:23:28 +0200 (CEST)
"Lukas Czerner" <czerner.lukas@gmail.com> wrote:

> On Thu, 29 Apr 2010, Ryan Stone wrote:
> 
> > Date: Thu, 29 Apr 2010 17:19:41 -0400
> > From: Ryan Stone <rysto32@gmail.com>
> > To: Lukas Czerner <czerner.lukas@gmail.com>
> > Cc: freebsd-hackers@freebsd.org
> > Subject: Re: ioctl, copy string from user
> > 
> > > Apparently I need to tell ioctl how big is the variable I am
> > > providing to it ([MAXLEN]). The odd thing is, when I have a structure
> > > like this:
> > >
> > > struct lrfs_attach_info {
> > >     char *name;
> > >     int priority;
> > > };
> > >
> > > and I pass the pointer to that structure to the ioctl, it just
> > > works. I can even use the 'name' string from the structure without
> > > any problems, apparently it translates the pointer properly, but I
> > > did not expect this...
> > 
> > I think that you'll find that what actually happens is that you're
> > reading from the userspace pointer.  That will work as long as the
> > pointer is mapped, but you'll panic if what it points to gets swapped
> > out or is invalid.
> > 
> 
> Hmmm, I can prevent the pointer to be invalidated, but I doubt I can
> prevent to the pointer to been swapped out. Is there some better way
> ? Allocate it statically (char name[MAXLEN]), then it gets copied
> as whole to the kernel space, isn't it ?

Look at the definition of _IOW() in /sys/sys/ioccom.h.  It should become
obvious what's going on.

--
Gary Jennejohn