Skip to content

ioperm

Intro

ioperm - set/get I/O permissions

Description

The ioperm system call allows a user to set/get I/O port permissions. It takes a 16-bit starting I/O port, the number of ports to affect, and an enable/disable value (1 or 0). All the I/O ports, from the starting port to the starting port + num - 1, will be set according to the enable/disable value. It affects only the current thread/process.

The ioperm system call is used to allow or disallow certain I/O operations on certain parts of the I/O address space. It is used for situations where low-level I/O operations are required, such as when writing device drivers or device access programs.

Arguments

  • from:unsigned long[K] - The starting I/O port.
  • num:unsigned long[K] - The number of ports to affect.
  • turn_on:int[K] - Enable/disable value.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_ioperm

Type

Kprobes + ftrace

Purpose

Hook to trace when ioperm system call is invoked.

Example Use Case

An example use case of the ioperm system call is writing a device driver. If the device driver needs to access I/O ports and it needs low-level I/O operations, the ioperm system call can be used to enable/disable access to I/O ports as needed.

Issues

This system call is limited in that it can only be used on the current thread/process. Additionally, it is only available on x86 architectures. This limits its use-case somewhat.

  • iopl - manipulate I/O privilege level.
  • ioctls (ioctl) - control device.
  • perf_event_open - open a performance monitoring event.
  • userfaultfd - create a userland fault handler.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.