Home/ Questions/Q 9256051
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T11:51:01+00:00

I found a weird issue while writing an IOCTL for a character device driver

  • 0

I found a weird issue while writing an IOCTL for a character device driver for custom hardware connected to an old PowerPC. Here is an abstraction of my code:

u32 mydev_data;

...

static long mydev_ioctl(struct file * file, unsigned int cmd, unsigned long arg)
{
    void __user *user_arg = (void __user *)arg;
    long result;

    switch(cmd) {

    case MYDEV_GETDATA:
        result = put_user(mydev_data, user_arg);
        break;

    ...
    }

    return result;
}

Now, this returns garbage. However, when I replace the line

result = put_user(mydev_data, user_arg);

with

result = put_user(mydev_data, (unsigned long __user *) user_arg);

the problem goes away.

What is going on here? Since user_arg is marked as __user *, the only difference is void vs. unsigned long. But I wouldn’t think the pointer type would matter here. Obviously I’m mistaken but can someone explain why?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you look at the definition of the put_user macro, you’ll see that it copies data based on size, doing a sizeof(*ptr) to determine how many bytes to copy. sizeof(void) == 1, but sizeof(unsigned long) is larger.

    #define __put_user_check(x, ptr, size)                                  \
({                                                                      \
        long __pu_err = -EFAULT;                                        \
        __typeof__(*(ptr)) __user *__pu_addr = (ptr);                   \
        might_sleep();                                                  \
        if (access_ok(VERIFY_WRITE, __pu_addr, size))                   \
                __put_user_size((x), __pu_addr, (size), __pu_err);      \
        __pu_err;                                                       \
})

#define put_user(x, ptr) \
  __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
    • 0