Kernel: Utilize AK::Userspace<T> in the ioctl interface

It's easy to forget the responsibility of validating and safely copying
kernel parameters in code that is far away from syscalls. ioctl's are
one such example, and bugs there are just as dangerous as at the root
syscall level.

To avoid this case, utilize the AK::Userspace<T> template in the ioctl
kernel interface so that implementors have no choice but to properly
validate and copy ioctl pointer arguments.

1 files changed, 4 insertions, 3 deletions

diff --git a/Kernel/FileSystem/InodeFile.cpp b/Kernel/FileSystem/InodeFile.cpp
index 6a6a34d956..a0d657b88b 100644
--- a/Kernel/FileSystem/InodeFile.cpp
+++ b/Kernel/FileSystem/InodeFile.cpp
@@ -62,7 +62,7 @@ KResultOr<size_t> InodeFile::write(FileDescription& description, u64 offset, con
     return nwritten;
 }
 
-int InodeFile::ioctl(FileDescription& description, unsigned request, FlatPtr arg)
+int InodeFile::ioctl(FileDescription& description, unsigned request, Userspace<void*> arg)
 {
     (void)description;
 
@@ -71,8 +71,9 @@ int InodeFile::ioctl(FileDescription& description, unsigned request, FlatPtr arg
         if (!Process::current()->is_superuser())
             return -EPERM;
 
+        auto user_block_number = static_ptr_cast<int*>(arg);
         int block_number = 0;
-        if (!copy_from_user(&block_number, (int*)arg))
+        if (!copy_from_user(&block_number, user_block_number))
             return -EFAULT;
 
         if (block_number < 0)
@@ -82,7 +83,7 @@ int InodeFile::ioctl(FileDescription& description, unsigned request, FlatPtr arg
         if (block_address.is_error())
             return block_address.error();
 
-        if (!copy_to_user((int*)arg, &block_address.value()))
+        if (!copy_to_user(user_block_number, &block_address.value()))
             return -EFAULT;
 
         return 0;