6 Replies Latest reply on Mar 25, 2011 2:23 PM by 846636

    Solaris Driver Wrong Address Recovery


      i am developing a solaris driver for a custom made IO card. I have a simple question. I have completed development and provide an entry point for pread in driver. When a legal user space address is passed over pread everything is fine data is read correctly. But when an illegal address buffer is passed to driver, kernel panics and system is restarted.

      I handle NULL pointer in driver but how can driver check/recover or just create a segmentation fault without kernel panic when pread is called to read from device to a user space buffer that is NON-NULL illegal address. This problem is applicable for pwrite also by the way?

      Thanks in advance.
        • 1. Re: Solaris Driver Wrong Address Recovery
          Can you post your code where you access the user-space address? In general, you should be using ddi_copyin()/ddi_copyout() to copy the data between kernel- and user-space buffers.
          • 2. Re: Solaris Driver Wrong Address Recovery
            This thread has been moved from the General Solaris 10 Discussion subforum,
            to the Driver Development subforum, for closer topic alignment.
            • 3. Re: Solaris Driver Wrong Address Recovery
              hi actually i am not using ddi_copyin or out.

              i read the man for ddi_copyin but couldnt find to how to match parameters of read/write entry points, e.g struct uio to ddi_copyin.

              for pwrite i am using uiomove to copy user data to kernel space, then copy data to device by ddi_put32. and for pread i am using the opposite way.

              uiomove is the point where kernel panics i guess.

              i tried uwritec and ureadc instead of uiomove nothing different...
              • 4. Re: Solaris Driver Wrong Address Recovery
                This warning from the uiomove() man page seems relevant:
                If uio_segflg is set to UIO_SYSSPACE and address is selected
                from user space, the system may panic.
                • 5. Re: Solaris Driver Wrong Address Recovery
                  no actually that is not the case. in my seg_flg is UIO_USERSPACE which is set by system(transfer between user and kernel). no conflict on that. the problem is if user space buffer is an invalid address uiomove panics system.

                  i guess nothing to do with that. i will have to rewrite my read/write over ioctl entry point and hope that ddi_copyin/out wont panic the kernel. or just live with that weird situation and be careful while calling pread/pwrite on application side :)

                  thanks .
                  • 6. Re: Solaris Driver Wrong Address Recovery
                    ok problem solved. problem was nothing to do with wrong address. apparently my driver mistakenly re-call mutex_exıt and kernel panic for that matter.

                    i have related question. for passing data to kernel space i tried uiomove and ddi_copyin and saw that ddi_copyin is much more slower than uimove (20 microsecond vs 150 microsecond). Is this normal?