correct use of get_user()

Hi,

While writing a driver, and searching for existing examples, I came across drivers/net/sb1000.c (in kernel version 2.4.8). My question refers to the following line (line 1065) in that driver:

    if(get_user(frequency, (int*) ifr->ifr_data))
    ...

This code is in the sb1000_dev_ioctl function, which implements the driver's ioctl operation, and ifr is supplied as an argument by the user process invoking the ioctl call.

Now from my understanding, and based on some experiments I made with my own drivers, I think that this will generate a memory access error in kernel mode, if the user space process supplies an invalid address (i.e. not readable from kernel mode) as the ifr argument. My reasoning is the following:
Although get_user() will check the validity of the address ifr->ifr_data, the address ifr will first have to be accessed in order to read ifr->ifr_data (which would subsequently be validated by get_user()), resulting in an attempt to access an invalid address (namely ifr) in kernel mode, if the user space process provided an invalid address.
[Note that this situation is different from the following, which can be found in e.g. drivers/char/vt.c:

    ...
    if (get_user(ct,&a->kb_cnt))
    ...

Here, the compiler can get the address of the kb_cnt field by doing some address arithmetic (i.e. adding the appropriate offset to the user program supplied address a), therefore no dereferencing of the address a is necessary, and get_user() can validate the address.]

So my question is:
Is there a bug in the driver drivers/net/sb1000.c? And if there is not, can you explain to me what is wrong in my reasoning, i.e. how the validation of ifr as well as ifr->ifr_data is achieved by get_user()?

Thank you in advance
regards
Martin

--
Supercomputing System AG          email: maletinsky@scs.ch
Martin Maletinsky                 phone: +41 (0)1 445 16 05
Technoparkstrasse 1               fax:   +41 (0)1 445 16 10
CH-8005 Zurich


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/
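
The two access patterns contrasted in the message above, as an added user-space model in C (not code from the post, the driver, or the kernel). It assumes "user space" is a byte array and a user address is an offset into it; `model_copy_from_user`, `model_get_user_int` and both `*_model` structs are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: "user space" is this array; a user address is an offset. */
static unsigned char umem[64];
typedef unsigned long uaddr_t;

struct kbdiacrs_model { int pad; int kb_cnt; };          /* stands in for vt.c's struct */
struct ifreq_model { char name[16]; uaddr_t ifr_data; }; /* field holds a user pointer */

/* Hypothetical stand-in for the kernel's range check plus fault-safe copy. */
static int model_copy_from_user(void *dst, uaddr_t src, size_t n)
{
    if (src > sizeof(umem) || n > sizeof(umem) - src)
        return -EFAULT;          /* bad address is reported, never dereferenced */
    memcpy(dst, umem + src, n);
    return 0;
}

static int model_get_user_int(int *val, uaddr_t src)
{
    return model_copy_from_user(val, src, sizeof(*val));
}

/* Pattern 1: get_user(ct, &a->kb_cnt). Only address arithmetic touches `a`. */
int read_member(uaddr_t a, int *ct)
{
    return model_get_user_int(ct, a + offsetof(struct kbdiacrs_model, kb_cnt));
}

/* Pattern 2: the outer struct sits at a user address and one of its fields is
 * a second user pointer. Each level needs its own checked copy. */
int read_through_pointer(uaddr_t ifr, int *frequency)
{
    struct ifreq_model kifr;     /* kernel-side copy of the outer struct */

    if (model_copy_from_user(&kifr, ifr, sizeof(kifr)))
        return -EFAULT;
    return model_get_user_int(frequency, kifr.ifr_data);
}

/* Lay out constructed sample data in the model user memory. */
void setup(uaddr_t ifr, uaddr_t data, int value)
{
    struct ifreq_model u = { "sb0", data };
    memcpy(umem + ifr, &u, sizeof(u));
    if (data <= sizeof(umem) - sizeof(value))
        memcpy(umem + data, &value, sizeof(value));
}
```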

