With CONFIG_DEBUG_STRICT_USER_COPY_CHECKS=y compilation of PicoLCD
driver fails on copy_from_user(), without it a warning is generated:
CC [M] drivers/hid/hid-picolcd.o
In file included from /usr/src/linux-2.6/arch/x86/include/asm/uaccess.h:571,
from /usr/src/linux-2.6/arch/x86/include/asm/sections.h:5,
from /usr/src/linux-2.6/arch/x86/include/asm/hw_irq.h:26,
from /usr/src/linux-2.6/include/linux/irq.h:359,
from /usr/src/linux-2.6/arch/x86/include/asm/hardirq.h:5,
from /usr/src/linux-2.6/include/linux/hardirq.h:7,
from /usr/src/linux-2.6/include/linux/interrupt.h:12,
from /usr/src/linux-2.6/include/linux/usb.h:15,
from /usr/src/linux-2.6/drivers/hid/hid-picolcd.c:25:
In function 'copy_from_user',
inlined from 'picolcd_debug_eeprom_write' at drivers/hid/hid-picolcd.c:1592:
arch/x86/include/asm/uaccess_32.h:212: error: call to 'copy_from_user_overflow' declared with attribute error: copy_from_user() buffer size is not provably correct
gcc-4.4.5 is not able to track size calculation when it is stored into
a variable, thus tell copy_from_user() maximum size via
min(*max-size*, *effective-size*) explicitly and inline how much to copy
at most.
Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
memset(raw_data, 0, sizeof(raw_data));
raw_data[0] = *off & 0xff;
raw_data[1] = (*off >> 8) & 0xff;
- raw_data[2] = s < 20 ? s : 20;
+ raw_data[2] = min((size_t)20, s);
if (*off + raw_data[2] > 0xff)
raw_data[2] = 0x100 - *off;
- if (copy_from_user(raw_data+3, u, raw_data[2]))
+ if (copy_from_user(raw_data+3, u, min((u8)20, raw_data[2])))
return -EFAULT;
resp = picolcd_send_and_wait(data->hdev, REPORT_EE_WRITE, raw_data,
sizeof(raw_data));