1
votes

This is my myread and mywrite function of the null driver.

    #define SIZE 6
    static char c[SIZE];

    static ssize_t myread(struct file *file, char __user *buf, size_t len, loff_t *fops)
    {
        printk(KERN_INFO "My read with length %zd \n", len);

        memset(buf, 0, SIZE);
        //return is status i.e., 0.
        if (copy_to_user(buf, c, SIZE) != 0)
            return -EFAULT;
        else if (*fops > 0)
            return 0;
        else
            *fops += SIZE;
        return SIZE;
    }

    static ssize_t mywrite(struct file *file, const char __user *buf, size_t len, loff_t *fops)
    {
        printk(KERN_INFO "My write \n");
        memset(c, 0, SIZE);
        if (len <= SIZE)
        {
            if (copy_from_user(c, buf, len) != 0)
                return -EFAULT;
            else
                //number of bytes written to the kernel space is returned
                return len;
        }
        else
            return -EFAULT;
    }

When I build the module it is throwing a warning like this:

/usr/src/linux-headers-3.2.0-36-generic-pae/arch/x86/include/asm/uaccess_32.h: In function ‘mywrite’: /usr/src/linux-headers-3.2.0-36-generic-pae/arch/x86/include/asm/uaccess_32.h:211:26: warning: call to ‘copy_from_user_overflow’ declared with attribute warning: copy_from_user() buffer size is not provably correct [enabled by default]

Please guide me on how to get rid of this warning, and where I am making a mistake.

1
Warnings in kernel code have to be investigated, not just silenced. It seems that it is complaining about the buffer and its size in your code; check that you can write at the address given and that the size fits. – vonbrand
@vonbrand Yes, I could see the problem is likely to be with buffer and size. But I am properly doing memset in my write function. Otherwise I am not using buf or 'c array' anywhere except copy_from_user. I couldn't figure out the problem with the warning. – kzs
1) What is "c" in strlen(c);? (OOPS a static ... brrr) 2) Don't printf a size_t with a "%d" format. 3) What is wrong with sizeof c instead of SIZE? – wildplasser
@wildplasser 1: I have edited the code in question as you have said. Getting the warning. 2: I have made %d as %zd. Again getting the warning. – kzs

1 Answer

2
votes

Your problem is that the len passed in to your myread and mywrite functions may be greater than SIZE; if this is the case, the copy_from_user/copy_to_user will overflow your array and read from / write to other nearby memory. Your code needs to restrict the length of the copy to no more than the length of the kernel memory that it's accessing.
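
The restriction described in this answer, as an added example that is not part of the original answer or the asker's module: a user-space model of the two handlers in which every copy is clamped to the bytes left in `c[]` from the current offset. Assumptions: `copy_to_user`/`copy_from_user` are `memcpy` stand-ins so the logic runs outside the kernel, `off_t` stands in for `loff_t`, the `struct file *` argument and `__user` annotations are dropped, `clamp_len` is a hypothetical helper, and `-ENOSPC` for a write at the end of the buffer is one possible choice.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>              /* ssize_t, off_t */

#define SIZE 6
static char c[SIZE];                /* device buffer, as in the question */

/* Assumption: user-space stand-ins for the kernel uaccess helpers, which
 * return the number of bytes NOT copied (0 on success). */
static unsigned long copy_to_user(void *to, const void *from, unsigned long n)
{ memcpy(to, from, n); return 0; }
static unsigned long copy_from_user(void *to, const void *from, unsigned long n)
{ memcpy(to, from, n); return 0; }

/* Clamp a request of len bytes at offset pos to what fits inside c[]. */
static size_t clamp_len(off_t pos, size_t len)
{
    size_t room = sizeof c - (size_t)pos;   /* caller checked 0 <= pos < SIZE */
    return len < room ? len : room;
}

ssize_t myread(char *buf, size_t len, off_t *ppos)
{
    if (*ppos < 0)
        return -EINVAL;
    if ((size_t)*ppos >= sizeof c)
        return 0;                           /* end of device data */
    len = clamp_len(*ppos, len);
    if (copy_to_user(buf, c + *ppos, len))
        return -EFAULT;
    *ppos += (off_t)len;
    return (ssize_t)len;                    /* may be a short read */
}

ssize_t mywrite(const char *buf, size_t len, off_t *ppos)
{
    if (*ppos < 0)
        return -EINVAL;
    if ((size_t)*ppos >= sizeof c)
        return -ENOSPC;                     /* nothing more fits */
    len = clamp_len(*ppos, len);
    if (copy_from_user(c + *ppos, buf, len))
        return -EFAULT;
    *ppos += (off_t)len;
    return (ssize_t)len;                    /* may be a short write */
}
```

In a real module, the kernel's `simple_read_from_buffer()` and `simple_write_to_buffer()` helpers apply the same offset-aware clamp.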