Accessing members of a userspace struct in the kernel give wrong values

I'm seeing an oddity I don't understand in the output of my code. I have a structure defined in a header file. I populate a structure in user space then send it via ioctl to a kernel module. The kernel module should copy it from the user then report the values stored by the user.

The structure is defined as:

typedef struct Command_par {
    int cmd;            /**< special driver command */
    int target;         /**< special configuration target */
    unsigned long val1;     /**< 1. parameter for the target */
    unsigned long val2;     /**< 2. parameter for the target */
    int error;          /**< return value */
    unsigned long retval;   /**< return value */
} Command_par_t ;

The user space code is just a quick test program:

#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include "can4linux.h"  //can4linux is the standard can driver that comes
                        //with the uCLinux kernel (where this code was originally
                        //running before this port to a desktop machine

#define CAN_COMMAND 0
void main()
  long ret;
  Command_par_t cmd;
  int fd;
  //set and open the file descriptor to the device

  cmd.cmd = 2; = 9; 
  cmd.val1 = 8;
  cmd.val2 = 7;
  cmd.error = 6;
  cmd.retval = 5;
  ret = ioctl(fd, CAN_COMMAND, &cmd);

The kernel module getting opened/sent data via ioctl:

long can_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  Command_par_t *myptr;
  myptr = (void *)kmalloc(sizeof(Command_par_t)+1,GFP_KERNEL );

  copy_from_user((void *)myptr, (void *)arg, sizeof(Command_par_t));

  printk("cmd = %d, target = %d, val1 = %d, val2 = %d, error = %d, retval = %d\n", 
         myptr->cmd, myptr->target, myptr->val1, myptr->val2, myptr->error, myptr->retval);

Here's where the possible IOCTL commands are defined in the can4linux.h header:

---------- IOCTL requests */

#define COMMAND      0  /**< IOCTL command request */
#define CONFIG       1  /**< IOCTL configuration request */
#define SEND         2  /**< IOCTL request */
#define RECEIVE      3  /**< IOCTL request */
#define CONFIGURERTR     4  /**< IOCTL request */

So obviously this is just test code, I'm trying to debug a bigger problem, but right now even this isn't working correctly... The output I'm getting is:

[217088.860190] cmd = 2, target = 1, val1 = 3, val2 = 134514688, error = 134514480, retval = 0

The cmd was set correctly, after that everything else is skewed... Looks like it only passed an int and then I'm accessing memory outside of my struct? Anyone see what I'm doing wrong here?


The problem was how the ioctl number was being defined. This was a port from a uCLinux (2.4) running on some embedded HW that we have to a OpenSUSE distribution (3.1). I guess what was happening was on the smaller embedded platform we were getting lucky and the ioctl number defined as simple integers:

#define COMMAND      0  /**< IOCTL command request */ 
#define CONFIG       1  /**< IOCTL configuration request */ 
#define SEND         2  /**< IOCTL request */ 
#define RECEIVE      3  /**< IOCTL request */ 
#define CONFIGURERTR     4  /**< IOCTL request */ 

Were sufficiently unique enough to not cause problems. Now that I'm trying to recompile the code on a full linux distribution there's too much other stuff going on in the system and our commands were getting trampled on. Now redefining the ioctl numbers as such:

#define GC_CAN_IOC_MAGIC  'z'       //!< Magic number - I guess this magic number can be chosen freely
#define GC_CAN_IOC_WRITE_COMMAND        _IOW(GC_CAN_IOC_MAGIC,  0, Command_par_t)

The values passed from user space are correctly recorded:

[220546.535115] cmd = 2, target = 9, val1 = 8, val2 = 7, error = 6, retval = 5

If anyone can give me a better answer than "trampled on" I'd be happy to have a clearer understanding of this problem. Also if I'm setting up the IOCTL numbers wrongly still, please someone correct me.

Need Your Help

datepicker - unavailableDates from csv-file

jquery csv datepicker

I'm trying to get unavailable dates for my datepicker-calendar off a csv-file.

Sometimes I get from socket not what I expect

perl sockets tomcat servlets virtual-machine

I get socket handle to Httpd, the host is"",the port is 80;

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.