I am writing a kernel function foo that takes a structure pointer as its parameter:
/* the structure layouts are not shown in the original; assumed here */
struct struct2 { bool bool_value; };
struct struct1 { struct struct2 *param1; };

void foo(struct struct1 *param)
{
    if (param != NULL) {
        if (param->param1 != NULL) {
            if (param->param1->bool_value) {
                /* some code */
            }
        }
    }
    /* some code */
}
This function runs in the process context.
I got a crash at this line in the above function: if(param->param1->bool_value).
This crash was a one-time crash and it never occurred again.
The BADVA address points to a user-space address. Is this address the address of param1->bool_value? And if so, can kernel-mode code read this address without using copy_from_user?
Have you made sure (using locks) that the structure does not get modified from under you between the test and the access? Perhaps you could use
Note that C specifies short-circuit logic for &&, so if param1 is NULL in the innermost test, param1 will not be dereferenced.

This kind of access pattern (without the outermost if (param)) is very common in the Linux kernel. The only thing to notice is that discarding param1 must still be protected by some kind of a lock, so that it is not freed while some other CPU is accessing it still (via a cached pointer).
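An added example, not code from the question or the answer: the question's foo() written with the short-circuit && chain the answer describes, plus the locking the answer asks about, so that the NULL test and the dereference of param1 happen under the same lock as the code that discards param1. It is user-space C with a POSIX mutex standing in for the kernel's spinlock/mutex; the lock field and both structure layouts are assumptions.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
struct struct2 { bool bool_value; };
struct struct1 {
    pthread_mutex_t lock;    /* assumed field: guards param1 */
    struct struct2 *param1;
};

/* The question's foo(): the NULL test and the dereference happen under the
 * lock, so param1 cannot be freed between them. && short-circuits, so
 * param1 is only dereferenced when it is non-NULL. */
int foo(struct struct1 *param)
{
    int took_branch = 0;
    if (param == NULL)
        return 0;
    pthread_mutex_lock(&param->lock);
    if (param->param1 && param->param1->bool_value)
        took_branch = 1;             /* "Some code" */
    pthread_mutex_unlock(&param->lock);
    return took_branch;              /* "some code" runs regardless */
}

/* Discarding param1: detach under the same lock, free only after unlocking,
 * so a reader inside foo() is never left holding a pointer to freed memory. */
void discard_param1(struct struct1 *param)
{
    struct struct2 *old;
    pthread_mutex_lock(&param->lock);
    old = param->param1;
    param->param1 = NULL;
    pthread_mutex_unlock(&param->lock);
    free(old);                       /* free(NULL) is a no-op */
}

/* Lifecycle walk-through; returns 1 only if every step behaves as expected. */
int demo(void)
{
    struct struct2 *p = malloc(sizeof *p);
    struct struct1 s = { PTHREAD_MUTEX_INITIALIZER, NULL };
    int ok;
    if (p == NULL) return 0;
    p->bool_value = true;
    s.param1 = p;
    ok = foo(&s) == 1;               /* live param1: branch taken */
    discard_param1(&s);
    ok = ok && s.param1 == NULL && foo(&s) == 0;
    discard_param1(&s);              /* second discard is harmless */
    return ok && foo(NULL) == 0;
}
```

In the kernel the same shape applies whether the lock is a spinlock, a mutex or RCU: the reader must not drop the protection between testing the pointer and using it, and the writer must only free the object once no reader can still reach it.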