On 02/27/2013 03:33 PM, David Miller wrote:

From: Guenter Roeck <linux@roeck-us.net>
Date: Wed, 27 Feb 2013 11:43:51 -0800

quoted

Building sctp may fail with:

In function ‘copy_from_user’,
     inlined from ‘sctp_getsockopt_assoc_stats’ at
     net/sctp/socket.c:5656:20:
arch/x86/include/asm/uaccess_32.h:211:26: error: call to
     ‘copy_from_user_overflow’ declared with attribute error: copy_from_user()
     buffer size is not provably correct

if built with W=1 due to a missing parameter size validation.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>

This change is correct, but please fix this by simply moving the:

	/* Allow the struct to grow and fill in as much as possible */
	len = min_t(size_t, len, sizeof(sas));

line higher up in the function.

And I also prefer this because:

	something testing sizeof(foo);
	if (copy_from_user(..., ..., sizeof(foo)))

must easier to audit and validate, especially in patch form.

Otherwise I have to bring the code into an editor and read the whole
function just to make sure you got the type correct.

Right.  In this particular case, we are after a very small portion of 
user data (just the association id) and copying the entire structure is
rather pointless.

A nicer solution here would be to do this:
	 if (copy_from_user(&sas, optval, sizeof(sctp_assoc_t))

We are already guaranteed that much space and we make sure that we don't 
overwrite the kernel stack.

-vlad