
I have to access data from a pointer in a struct iw_point variable on a Linux based embedded board. The pointer contained in the struct is of type __user. But when I try to access that location, the program keeps segfaulting.

When I looked at the memory location pointed to by that pointer, I noticed that the location does not lie in the address space of the process which has to read from the location (obtained by reading /proc/pid/maps):

00400000-0048c000 r-xp 00000000 1f:04 83         /root/aravind/smapp
0049b000-0049c000 rw-p 0008b000 1f:04 83         /root/aravind/smapp

The location returned by the pointer is E80000 which does not lie in the range returned above.

Does this mean that the location lies outside the address space of the program triggering the pointer return in the first place (the pointer is returned by an ioctl call)?

rorschach
    Has the pointer been initialized to point to a valid memory location? – nbro Sep 11 '17 at 21:13
  • DON'T use `__` (two underscores) in your own variables! They are reserved for the compiler and OS. – Paul Ogilvie Sep 11 '17 at 21:13
  • Did you allocate necessary buffer and assigned it to `pointer`? – myaut Sep 11 '17 at 21:13
  • @PaulOgilvie: [`__user`](https://stackoverflow.com/questions/4521551/what-are-the-implications-of-the-linux-user-macro) seem to be a Linux Kernel hint (Linux actually loves `__`). – myaut Sep 11 '17 at 21:14
  • @nbro I do not have control over that. As mentioned above, I make an ioctl call to SIOCGIWSCAN which returns the pointer. However, if I go based on source I've seen for standard Linux tools, then I don't have to initialize the pointer. E.g. https://github.com/HewlettPackard/wireless-tools/blob/master/wireless_tools/iwlist.c line 589 – rorschach Sep 11 '17 at 21:15
  • @PaulOgilvie: I am not using the __user tag, that is just how it is defined in the Linux source files. struct iw_point is a struct defined by Linux itself – rorschach Sep 11 '17 at 21:17
  • @Aravind Your original question didn't mention Linux. – melpomene Sep 11 '17 at 21:18
  • @melpomene: Edited the question to reflect that – rorschach Sep 11 '17 at 21:19
  • @AjayBrahmakshatriya: Are you saying that I might have to use something like copy_to_user? – rorschach Sep 11 '17 at 21:32
  • Have you started an AP scan with `SIOCSIWSCAN` before you try to retrieve the results? – tofro Sep 11 '17 at 21:33
  • @Aravind actually I was wrong. `__user` signifies that the pointer is in the User space. I am afraid you will have to show more code to determine if it has been initialized correctly. – Ajay Brahmakshatriya Sep 11 '17 at 21:44
  • @AjayBrahmakshatriya and `__user` also implies the memory *was handed in by the application*. Apparently, some pointer was not properly initialized when the `ioctl` call was made. – tofro Sep 11 '17 at 21:52

1 Answer


The SIOCGIWSCAN ioctl uses the space you hand in as

iwr.u.data.pointer = p;
iwr.u.data.length = BUFSZ;

with the request to return the scanned network information because the ioctl is not able to allocate a return area in user space. Check that you initialized this pointer and data length properly (4k buffer space recommended). In case you didn't, you might get such undefined results.

Also make sure you always check the return value from ioctl. In an error case, don't try to access the return area.

In case you did all that and it still doesn't return a valid pointer: There are still a number of drivers around that don't properly support the wireless extensions.

Also, a bit of code would make an answer much easier. As you stated the question, it is very hard to answer without poking around and guessing a lot.

tofro
  • That's a comment with some wild guessing, not an answer. – too honest for this site Sep 11 '17 at 21:59
  • @Olaf Its the best answer that can be given using the limited information the OP provided. A non-valid pointer coming back from an `ioctl` most probably is caused by a non-valid pointer handed in. There's not a lot more possible reasons that can cause this. – tofro Sep 11 '17 at 22:05
  • That's why it should not be answered until OP clarifies. Please help moderating this site. Such questions/answers are not helpful to anyone, definitively not for future readers. – too honest for this site Sep 11 '17 at 22:09
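The answer above says the kernel only writes into the buffer you hand in, so `iw_point.pointer` and `iw_point.length` must be set by the caller and the ioctl return value must be checked. The following is an added example (my own code, not the OP's, tofro's, or the wireless-tools code linked in the comments) showing that protocol end to end: filling in the `iwreq`, starting the scan with SIOCSIWSCAN, fetching with SIOCGIWSCAN, growing the buffer on E2BIG, waiting on EAGAIN, and checking that the returned `iw_point` still refers to our own buffer before reading it. It assumes Linux kernel headers (`linux/wireless.h`) are installed; the interface name "wlan0", the retry limits and the buffer sizes are constructed sample values, not from the page.

```c
/* Added example, not code from the question or the answer: hand a
 * user-space buffer to SIOCGIWSCAN, check ioctl's return value, and
 * verify the iw_point still refers to our own buffer before reading it.
 * Assumes Linux kernel headers (linux/wireless.h). "wlan0", the retry
 * limits and the buffer sizes are constructed sample values. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/wireless.h>

/* Outcome of one SIOCGIWSCAN attempt, decided from rc and errno alone. */
enum iw_outcome { IW_OK = 0, IW_GROW_BUFFER = 1, IW_RETRY_LATER = 2, IW_FAILED = -1 };

/* Fill in an iwreq so the driver writes scan results into buf. The kernel
 * never allocates the result area: an uninitialised iw_point.pointer is
 * what yields a bogus address that appears nowhere in /proc/pid/maps. */
int iw_prepare_request(struct iwreq *iwr, const char *ifname, void *buf, size_t len)
{
    /* iw_point.length is a 16-bit field, so reject lengths it cannot hold */
    if (iwr == NULL || ifname == NULL || buf == NULL || len == 0 || len > UINT16_MAX)
        return -1;
    memset(iwr, 0, sizeof(*iwr));
    strncpy(iwr->ifr_name, ifname, IFNAMSIZ - 1);
    iwr->u.data.pointer = buf;
    iwr->u.data.length = (uint16_t)len;
    iwr->u.data.flags = 0;
    return 0;
}

/* Classify ioctl(SIOCGIWSCAN): E2BIG = buffer too small, EAGAIN = the scan
 * started with SIOCSIWSCAN has not finished yet; anything else is an error. */
enum iw_outcome iw_classify(int rc, int saved_errno)
{
    if (rc == 0)
        return IW_OK;
    if (saved_errno == E2BIG)
        return IW_GROW_BUFFER;
    if (saved_errno == EAGAIN)
        return IW_RETRY_LATER;
    return IW_FAILED;
}

/* Before touching the result, confirm the driver wrote into the buffer we
 * supplied and reported a length that fits inside it. */
int iw_result_is_sane(const struct iwreq *iwr, const void *buf, size_t len)
{
    return iwr->u.data.pointer == buf && iwr->u.data.length <= len;
}

/* Start a scan and fetch its results, growing the buffer on E2BIG and
 * waiting on EAGAIN. Returns a malloc'd buffer (caller frees) holding
 * *used_len bytes of iw_event data, or NULL on failure. */
char *iw_scan(const char *ifname, size_t *used_len)
{
    struct iwreq iwr;
    size_t cap = IW_SCAN_MAX_DATA;      /* 4 KiB, the usual starting size */
    char *buf = NULL;
    int sock = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock < 0)
        return NULL;

    memset(&iwr, 0, sizeof(iwr));
    strncpy(iwr.ifr_name, ifname, IFNAMSIZ - 1);
    if (ioctl(sock, SIOCSIWSCAN, &iwr) < 0) {   /* needs CAP_NET_ADMIN */
        close(sock);
        return NULL;
    }

    for (int attempt = 0; attempt < 15; attempt++) {
        char *grown = realloc(buf, cap);
        if (grown == NULL)
            break;
        buf = grown;
        if (iw_prepare_request(&iwr, ifname, buf, cap) < 0)
            break;
        int rc = ioctl(sock, SIOCGIWSCAN, &iwr);
        enum iw_outcome o = iw_classify(rc, errno);
        if (o == IW_OK) {
            if (!iw_result_is_sane(&iwr, buf, cap))
                break;                  /* never follow a pointer we did not set */
            *used_len = iwr.u.data.length;
            close(sock);
            return buf;
        }
        if (o == IW_GROW_BUFFER && cap < UINT16_MAX)
            cap = (cap * 2 > UINT16_MAX) ? UINT16_MAX : cap * 2;
        else if (o == IW_RETRY_LATER)
            sleep(1);
        else
            break;
    }
    free(buf);
    close(sock);
    return NULL;
}

int main(void)
{
    size_t n = 0;
    char *res = iw_scan("wlan0", &n);   /* "wlan0" is a constructed name */
    if (res == NULL) {
        fprintf(stderr, "scan failed: %s\n", strerror(errno));
        return 1;
    }
    printf("received %zu bytes of scan events\n", n);
    free(res);
    return 0;
}
```

The two checks that matter for the question are `iw_prepare_request` (the buffer and its 16-bit length are set before the call, never left to whatever was on the stack) and `iw_result_is_sane` (after a successful call the pointer must still be ours; if it is not, the program has a bug, and reading through it would be the segfault the OP saw). Growing on E2BIG is capped at 65535 because `iw_point.length` cannot express anything larger.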