Re: [PATCH] Input: uinput - Add UI_SET_UNIQ ioctl handler
From: Dmitry Torokhov
Date: Fri Dec 06 2019 - 12:40:54 EST
On Fri, Dec 06, 2019 at 10:11:14AM +0100, Pali Rohár wrote:
> On Thursday 05 December 2019 12:03:05 Abhishek Pandit-Subedi wrote:
> > On Thu, Dec 5, 2019 at 2:52 AM Pali Rohár <pali.rohar@xxxxxxxxx> wrote:
> > >
> > > On Tuesday 03 December 2019 11:11:12 Dmitry Torokhov wrote:
> > > > On Tue, Dec 03, 2019 at 06:38:21PM +0100, Pali Rohár wrote:
> > > > > On Tuesday 03 December 2019 00:09:47 Pali Rohár wrote:
> > > > >
> > > > > Hi Dmitry!
> > > > >
> > > > > I was looking again at those _IOW defines for ioctl calls and I have
> > > > > another argument why not specify 'char *' in _IOW:
> > > > >
> > > > > All ioctls in _IOW() specify as a third macro argument type which is
> > > > > passed as pointer to the third argument for ioctl() syscall.
> > > > >
> > > > > So e.g.:
> > > > >
> > > > > #define EVIOCSCLOCKID _IOW('E', 0xa0, int)
> > > > >
> > > > > is called from userspace as:
> > > > >
> > > > > int val;
> > > > > ioctl(fd, EVIOCSCLOCKID, &val);
> > > > >
> > > > > Or
> > > > >
> > > > > #define EVIOCSMASK _IOW('E', 0x93, struct input_mask)
> > > > >
> > > > > is called as:
> > > > >
> > > > > struct input_mask val;
> > > > > ioctl(fd, EVIOCSMASK, &val);
> > > > >
> > > > > So basically third argument for _IOW specify size of byte buffer passed
> > > > > as third argument for ioctl(). In _IOW is not specified pointer to
> > > > > struct input_mask, but struct input_mask itself.
> > > > >
> > > > > And in case you define
> > > > >
> > > > > #define MY_NEW_IOCTL _IOW(UINPUT_IOCTL_BASE, 200, char*)
> > > > >
> > > > > then you by above usage you should pass data as:
> > > > >
> > > > > char *val = "DATA";
> > > > > ioctl(fd, MY_NEW_IOCTL, &val);
> > > > >
> > > > > Which is not same as just:
> > > > >
> > > > > ioctl(fd, MY_NEW_IOCTL, "DATA");
> > > > >
> > > > > As in former case you passed pointer to pointer to data and in later
> > > > > case you passed only pointer to data.
> > > > >
> > > > > It just mean that UI_SET_PHYS is already defined inconsistently which is
> > > > > also reason why compat ioctl for it was introduced.
> > > >
> > > > Yes, you are right. UI_SET_PHYS is messed up. I guess the question is
> > > > what to do with all of this...
> > > >
> > > > Maybe we should define
> > > >
> > > > #define UI_SET_PHYS_STR(len) _IOC(_IOC_WRITE, UINPUT_IOCTL_BASE, 111, len)
> > > > #define UI_SET_UNIQ_STR(len) _IOC(_IOC_WRITE, UINPUT_IOCTL_BASE, 112, len)
> > >
> > > I'm not sure if this is ideal. Normally in C strings are nul-termined,
> > > so functions/macros do not take buffer length.
> > Except strncpy, strndup, snprintf, etc. all expect a buffer length. At
>
> This is something different as for these functions you pass buffer and
> length of buffer which is used in write mode -- not for read mode.
>
> > the user to kernel boundary of ioctl, I think we should require size
> > of the user buffer regardless of the data type.
> >
> > > _STR therefore in names looks inconsistent.
> > The _STR suffix is odd (what to name UI_SET_PHYS_STR then??) but
> > requiring the length seems to be common across various ioctls.
> > * input.h requires a length when requesting the phys and uniq
> > (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/input.h#n138)
> > * Same with HIDRAW when setting and getting features:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/hidraw.h#n40,
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/samples/hidraw/hid-example.c#n88
>
> All these ioctls where is passed length are in opposite direction
> (_IOC_READ) as our PHYS and UNIQ (_IOC_WRITE).
>
> I fully agree that when you need to read something from kernel
> (_IOC_READ) and then writing it to userspace, you need to specify length
> of userspace buffer. Exactly same as with userspace functions like
> memcpy, snprintf, etc... as you pointed. Otherwise you get buffer
> overflow as callee does not know length of buffer.
>
> But here we we have there quite different problem, we need to write
> something to kernel from userspace (_IOC_WRITE) and we are passing
> nul-term string. So in this case specifying size is not required as it
> is implicitly specified as part of passed string.
With the new IOCTL definitions it does not need to be a NULL-terminated
string. It can be a buffer of characters with given length, and kernel
will NULL-terminate as this it what it wants, not what the caller has to
give.
Thanks.
--
Dmitry