ioctl¶

Intro¶

ioctl - manipulate the device parameters of special files

Description¶

A program can control device by performing ioctl operations on the relevant device files. It takes three parameters, an open file descriptor, a request that indicates which device control is requested and an argument. Most devices use their own specific ioctl commands for configuration. Some individual requests may be vulnerable to Time-of-check Time-of-use (TOCTOU) race conditions.

Arguments¶

fd:int[K] - File descriptor for the device to be controlled.
request:unsigned long[K] - Refers to a device specific request code.
arg:unsigned long[K] - Argument for the request. Optional and might not always be available (passed with null value), indicated by [OPT] tag.

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space (for example, pointer to user space memory used to get it)
TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
OPT - Optional argument - might not always be available (passed with null value)

Hooks¶

vfs_ioctl¶

Type¶

Kprobe

Purpose¶

The ioctl syscall is hooked to gather information when it is executed.

Example Use Case¶

An example of an use case for the ioctl syscall could be in a program that reads and writes the content of user space memory from a device driver.

Issues¶

Race conditions can occur between the moment the request is checked and the values are used.

The syscall ioctl is related to other syscalls like read and write.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.