问题描述
在 LDD3 的示例中,将access_ok()
放在内核模块的ioctl
方法的开头,以检查从用户空间传递的指针是否有效.当用户空间应用程序调用ioctl()
系统调用并将变量的地址传递给它时,它是正确的.但是,在某些情况下,内核模块中的ioctl()
系统调用会使用值而不是指针作为第三个参数,最后是access_ok()
的第二个参数来调用.
In LDD3's example, access_ok()
is placed at the beginning of ioctl
method of a kernel module to check whether a pointer passed from userspace is valid. It is correct when userspace application calls ioctl()
system call, and passes it an address of a variable. In some cases, however, ioctl()
system call is invoked with a value instead of a pointer as third argument and finally the second argument of access_ok()
in kernel module.
我试图传递一个整数作为access_ok()
的第二个参数,并且它可以正常工作.没有错误的报告.但是我不太确定这种用法是否正确?
I've tried to pass an integer as access_ok()
's second argument and it works fine. No error was reported. But I don't very sure that is this usage correct?
例如,如果我在用户空间中调用ioctl()
并将其第三个参数设为'3'.然后,在struct file_operations
的ioctl()
方法中,access_ok()
将收到3
作为第二个参数.因为access_ok()
需要一个指针,所以它将3
转换为用户空间指针.显然,这是错误的...
For example, if I invoke ioctl()
in userspace with it's third argument to be '3'. Then, in ioctl()
method of struct file_operations
, access_ok()
will receive 3
as it's second argument. Because the access_ok()
expects a pointer, so it translates 3
to be a userspace pointer. Obversely, it's wrong...
推荐答案
实际上,access_ok
的检查很粗糙.函数描述(在源文件中)说:
Actually, access_ok
's check is rough. Description of the function (in the source file) say:
例如,根据来源arch/x86/include/asm/uaccess.h
,在x86 access_ok
上仅检查给定的地址指向 lower 区域(因为内核除了在上部区域之外).因此,对于等于3
的地址,它返回true
.
E.g., according to source arch/x86/include/asm/uaccess.h
, on x86 access_ok
just checks that given address points to the lower area (because kernel besides in the upper area). So, it returns true
for address equal to 3
.
copy_from_user
/copy_to_user
返回有关用户内存可访问性的最终结论.
It is copy_from_user
/copy_to_user
who return a final verdict about user memory accessibility.
这篇关于我可以将整数作为第二个参数传递给`access_ok()`吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!