[alsa-devel] [PATCH 04/39] ALSA: seq: copy ioctl data from user space to kernel stack

Takashi Iwai tiwai at suse.de
Mon Aug 8 16:58:01 CEST 2016


On Mon, 08 Aug 2016 15:46:21 +0200,
Takashi Sakamoto wrote:
> 
> On Aug 8 2016 16:10, Takashi Iwai wrote:
> >> The _IOC_SIZE macro picks up 13 or 14 bits (architecture-dependent) in the ioctl
> >> command, which represent the size of the argument. In my patch, the size of
> >> 'union ioctl_arg' is 188 (x86/x32) or 192 (x86_64) and there's enough
> >> rest of the size field. So we can pick up the size from ioctl command by
> >> the macro because the size represents the maximum bytes of argument for
> >> all of sequencer ioctls.
> > 
> > It's not only about the size.  It contains the r/w bits, so you can
> > avoid the unnecessary user-copy calls, too.
> 
> The SET_QUEUE_CLIENT ioctl command is defined as 'W', while a corresponding
> function writes to userspace. This is an unavoidable bug.

Yes, there are a few things to be corrected.  That is, some ioctls
need to be remapped to the right ioctl numbers beforehand.


Takashi
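
The copy scheme discussed in this thread (take the size and the r/w bits from the ioctl command, copy into a buffer on the stack, copy back only when the read bit is set), as an added user-space sketch that is not code from the patch or from ALSA. Assumptions: the asm-generic bit layout with 14 size bits; the command numbers, `struct demo_arg` and `demo_handler` are hypothetical; `memcpy` stands in for the user-copy calls.

```c
#include <stddef.h>
#include <string.h>

/* asm-generic ioctl layout (assumption: some architectures use 13 size bits) */
#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_SIZESHIFT (IOC_NRBITS + IOC_TYPEBITS)
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)
#define IOC_WRITE 1u  /* user space writes: kernel copies the argument in */
#define IOC_READ  2u  /* user space reads: kernel copies the result out */
#define IOC(dir, type, nr, size) \
    (((unsigned)(dir) << IOC_DIRSHIFT) | ((unsigned)(size) << IOC_SIZESHIFT) | \
     ((unsigned)(type) << IOC_NRBITS) | (unsigned)(nr))
#define IOC_DIR(cmd)  (((cmd) >> IOC_DIRSHIFT) & 3u)
#define IOC_SIZE(cmd) (((cmd) >> IOC_SIZESHIFT) & ((1u << IOC_SIZEBITS) - 1))

struct demo_arg { int queue; int client; };             /* hypothetical argument */
union ioctl_arg { struct demo_arg q; char pad[192]; };  /* 192: x86_64 size quoted above */

/* Same hypothetical command, declared write-only and read/write. */
#define DEMO_SET_W  IOC(IOC_WRITE, 'S', 0x01, sizeof(struct demo_arg))
#define DEMO_SET_WR IOC(IOC_WRITE | IOC_READ, 'S', 0x01, sizeof(struct demo_arg))

/* Hypothetical handler that fills in a result for the caller. */
static int demo_handler(union ioctl_arg *arg) { arg->q.client = 42; return 0; }

/* Returns 0 on success, -1 on error. */
int dispatch(unsigned cmd, void *user)
{
    union ioctl_arg buf;
    size_t size = IOC_SIZE(cmd);

    if (size > sizeof(buf))
        return -1;                  /* never copy past the stack buffer */
    memset(&buf, 0, sizeof(buf));   /* no uninitialised stack bytes get copied out */
    if (IOC_DIR(cmd) & IOC_WRITE)
        memcpy(&buf, user, size);   /* stands in for copy_from_user() */
    if (demo_handler(&buf) < 0)
        return -1;
    if (IOC_DIR(cmd) & IOC_READ)
        memcpy(user, &buf, size);   /* stands in for copy_to_user() */
    return 0;
}
```

With the write-only definition the handler's result never reaches the caller, which is why a command declared 'W' whose function writes to user space has to be remapped before the direction bits can drive the copies.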

