Date: Thu, 10 Aug 2000 09:38:06 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Theo van Klaveren <t.vanklaveren@student.utwente.nl> Cc: freebsd-hackers@freebsd.org Subject: Re: In-kernel ioctl calls Message-ID: <Pine.NEB.3.96L.1000810093239.22790B-100000@fledge.watson.org> In-Reply-To: <001e01c0020c$d257b3c0$19e55982@student.utwente.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Aug 2000, Theo van Klaveren wrote:
> The first statement issues the read command to the device, I presume. It
> copies the data to an internal (kernel-space) buffer. Next, the internal
> buffer is copyout()ed to ubuf (which is my ioctl buffer), which fails
> because in the case of AudioFS it's in kernel space.
I've actually run into this problem in a number of places -- specifically,
aio support. I needed to generate aio requests in kernel, and the calls
were intended to be instantiated only from userland. The linux emulation
code presumably also jumps through hoops to deal with calls that require
data coming from userland. This has, I think, a lot to do with the design
of the syscall and implementation of the syscalls. As mentioned in
another forum a few weeks ago, it also makes authorization hard, as it
happens in many places.
I'd really rather see the calling of syscalls broken out into "service"
and "abi" layers, where the "service" layer implements the service, and
uses struct uio for all argument reads/writes, and the ABI layer is
responsible for setting all that up, but not much else. This would allow
then ABI layers such as FreeBSD, BSD/OS, Linux, to contain minimal service
implementation, moving all implementation into the service layer, which
would not have to be aware of much in terms of whether arguments came from
{user,sys}space, locking semantics, or authorization. Now, this is
somewhat far from the current implementation, but I think is a worthwhile
goal.
For ioctls, which are down a few layers in the implementation, maybe we
need to start passing down an explicit "this call is kernel or user
initiated". There are already situations in, for example, the quota and
extattr code, where a NULL struct cred indicates "authorize as kernel",
which is a somewhat similar issue. Maybe we need a USERSPACE/SYSSPACE
argument in kernel to calls that may or may not do their own
copyin/copyout.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000810093239.22790B-100000>