How to get rid of warning when copy_to_user(struct *file, const char __user *buf, size_t len, loff_t *off_t )

This is my myread and mywrite function of the null driver.

#define SIZE 6
    static char c[SIZE];

    static ssize_t myread(struct file *file,char __user *buf,size_t len, loff_t  *fops)
{
	printk(KERN_INFO"My read with length %zd \n",len);
	
	memset(buf,0,SIZE);
	//return is status i.e., 0.
	if(copy_to_user(buf,c,SIZE) != 0)
		return -EFAULT;
	else if (*fops > 0)
		return 0;
		else
			*fops += SIZE;
			return SIZE;
}


static ssize_t mywrite(struct file *file, const char __user *buf, size_t len, loff_t *fops)
    {
    	printk(KERN_INFO "My write \n");
    	memset(c,0,SIZE);
            if (len <= SIZE)`
            {`
    	if(copy_from_user(c,buf,len) != 0)
    		return -EFAULT;
    	else
    		//number of bytes written to the kernel space is returned
    		return len;`
            }
            else 
                    return -EFAULT;`
    }

When i build the module it is throwing warning like this:

/usr/src/linux-headers-3.2.0-36-generic-pae/arch/x86/include/asm/uaccess_32.h: In function ‘mywrite’:

/usr/src/linux-headers-3.2.0-36-generic-pae/arch/x86/include/asm/uaccess_32.h:211:26: warning: call to ‘copy_from_user_overflow’ declared with attribute warning: copy_from_user() buffer size is not provably correct [enabled by default]

please guide me like how to get rid of this warning. Like where am i doing mistake..

Answers

Your problem is that the len passed in to your myread and mywrite functions may be greater than SIZE; if this is the case, the copy_from_user/copy_to_user will overflow your array and read from / write to other nearby memory. Your code needs to restrict the length of the copy to no more than the length of the kernel memory that it's accessing.

Posted on by Anonymous