[alsa-devel] [PATCH 04/39] ALSA: seq: copy ioctl data from user space to kernel stack

Takashi Sakamoto o-takashi at sakamocchi.jp
Mon Aug 8 15:46:21 CEST 2016


On Aug 8 2016 16:10, Takashi Iwai wrote:
>> _IOC_SIZE macro picks up 13 or 14 bits (architecture-dependent) in ioctl
>> command, which represents the size of argument. In my patch, the size of
>> 'union ioctl_arg' is 188 (x86/x32) or 192 (x86_64) and there's enough
>> rest of the size field. So we can pick up the size from ioctl command by
>> the macro because the size represents the maximum bytes of argument for
>> all of sequencer ioctls.
> 
> It's not only about the size.  It contains the r/w bits, so you can
> avoid the unnecessary user-copy calls, too.

The SET_QUEUE_CLIENT ioctl command is defined as 'W', while the corresponding
function writes to userspace. This is an unavoidable bug.


Regards

Takashi Sakamoto
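
The following is an added example, not code from the patch or from ALSA: a user-space model of an ioctl dispatcher that takes both the copy size and the copy direction from the command word, showing what the caller sees when a command declared write-only has a handler that produces a result. The macro names, the structure, the command numbers and `handler()` are constructed stand-ins, and `memcpy` stands in for the user-copy calls; 192 is the union size quoted in the thread for x86_64.

```c
#include <stdio.h>
#include <string.h>

/* asm-generic ioctl command layout, restated locally so this builds without
 * kernel headers: nr bits 0-7, type 8-15, size 16-29 (14 bits), dir 30-31. */
#define DIR_WRITE 1u /* like _IOC_WRITE: user space -> kernel */
#define DIR_READ  2u /* like _IOC_READ:  kernel -> user space */
#define CMD(dir, type, nr, size) (((unsigned)(dir) << 30) | \
    ((unsigned)(size) << 16) | ((unsigned)(type) << 8) | (unsigned)(nr))
#define CMD_DIR(cmd)  (((cmd) >> 30) & 0x3u)
#define CMD_SIZE(cmd) (((cmd) >> 16) & 0x3fffu)

/* Constructed stand-ins, not the ALSA definitions. */
struct queue_client { int queue; int client; int used; };
union ioctl_arg { struct queue_client qc; char pad[192]; };
#define GET_QC CMD(DIR_READ | DIR_WRITE, 'S', 1, sizeof(struct queue_client))
#define SET_QC CMD(DIR_WRITE, 'S', 2, sizeof(struct queue_client))

/* Hypothetical handler that reports a result through its argument. */
static int handler(union ioctl_arg *arg) { arg->qc.used = 1; return 0; }

/* memcpy stands in for copy_from_user()/copy_to_user(). */
int dispatch(unsigned cmd, void *user)
{
    union ioctl_arg buf;
    unsigned size = CMD_SIZE(cmd);

    if (size > sizeof(buf))
        return -1;                 /* never copy past the stack buffer */
    memset(&buf, 0, sizeof(buf));  /* no stale stack bytes can be copied back */
    if (CMD_DIR(cmd) & DIR_WRITE)
        memcpy(&buf, user, size);
    int err = handler(&buf);
    if (err == 0 && (CMD_DIR(cmd) & DIR_READ))
        memcpy(user, &buf, size);  /* skipped for a write-only command */
    return err;
}

/* Returns the 'used' field as the caller sees it after the call. */
int used_after(unsigned cmd)
{
    struct queue_client qc = { 0, 0, 0 };
    return dispatch(cmd, &qc) == 0 ? qc.used : -1;
}

int main(void)
{
    printf("GET (RW): used=%d\n", used_after(GET_QC));
    printf("SET (W):  used=%d\n", used_after(SET_QC));
    return 0;
}
```
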

