Reputation: 588
Safe handling of userspace pointers in a driver?
I'm writing an ioctl driver that needs to read and write data to userspace. For visualization, here's a typical argument that goes in a driver call:
typedef struct {
unsigned int* src;
unsigned int* dst;
unsigned int buffer_size;
unsigned int key[8];
} aes_data
I'm not very well-versed in how virtual memory works, but I think there's a risk here. The userspace process could have provided a pointer to memory it does not own. The provided buffer size could cause an overflow into the memory of some other process as well. How do I handle these userspace pointers responsibly in my driver?
Upvotes: 1
Views: 94
Answers (1)
Reputation: 64223
How do I handle these userspace pointers responsibly in my driver?
You don't, simply because there are no ways to check if the pointers points to anything valid. It is up to the user of the ioctl() to provide proper parameters. If they fail to do that, then tough luck for them.
Upvotes: 1
Related Questions
- How to copy a structure containing a pointer from user space to kernel
- Protecting shared memory segment between kernel and user space
- Successfully de-referenced userspace pointer in kernel space without using copy_from_user()
- Linux Device Driver: Copying String from Kernel to UserSpace
- Accessing user-mode memory inside kernel-mode driver
- Null pointer dereference in User space and kernel space
- Can I pass a pointer to linux kernel space for a __user parameter?
- Function pointers as entry points for any device operations
- Pointer type passed to put_user() matters?
- Kernel Device Driver "dereferencing 'void *' pointer