lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jL+9PUEs=Fz-ApuS5Z+oou1jA2X-uYDPBzd44hgmZ2Kpg@mail.gmail.com>
Date:   Thu, 8 Mar 2018 13:04:15 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Stephen Kitt <steve@....org>
Cc:     hare <hare@...e.com>, linux-scsi@...r.kernel.org,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] aic7xxx/aic79xx: remove VLAs

On Thu, Mar 8, 2018 at 12:51 PM, Stephen Kitt <steve@....org> wrote:
> In preparation to enabling -Wvla, remove VLAs and replace them with
> fixed-length arrays instead.
>
> The arrays fixed here, using the number of constant sections, aren't
> really VLAs, but they appear so to the compiler. Replace the array
> sizes with a pre-processor-level constant instead using ARRAY_SIZE.
>
> This was prompted by https://lkml.org/lkml/2018/3/7/621
>
> Signed-off-by: Stephen Kitt <steve@....org>

Thanks!

Reviewed-by: Kees Cook <keescook@...omium.org>

-Kees

> ---
>  drivers/scsi/aic7xxx/aic79xx_core.c        | 8 ++++----
>  drivers/scsi/aic7xxx/aic79xx_seq.h_shipped | 3 +--
>  drivers/scsi/aic7xxx/aic7xxx_core.c        | 8 ++++----
>  drivers/scsi/aic7xxx/aic7xxx_seq.h_shipped | 3 +--
>  drivers/scsi/aic7xxx/aicasm/aicasm.c       | 3 +--
>  5 files changed, 11 insertions(+), 14 deletions(-)
>
> diff --git a/drivers/scsi/aic7xxx/aic79xx_core.c b/drivers/scsi/aic7xxx/aic79xx_core.c
> index b560f396ee99..034f4eebb160 100644
> --- a/drivers/scsi/aic7xxx/aic79xx_core.c
> +++ b/drivers/scsi/aic7xxx/aic79xx_core.c
> @@ -9338,9 +9338,9 @@ ahd_dumpseq(struct ahd_softc* ahd)
>  static void
>  ahd_loadseq(struct ahd_softc *ahd)
>  {
> -       struct  cs cs_table[num_critical_sections];
> -       u_int   begin_set[num_critical_sections];
> -       u_int   end_set[num_critical_sections];
> +       struct  cs cs_table[NUM_CRITICAL_SECTIONS];
> +       u_int   begin_set[NUM_CRITICAL_SECTIONS];
> +       u_int   end_set[NUM_CRITICAL_SECTIONS];
>         const struct patch *cur_patch;
>         u_int   cs_count;
>         u_int   cur_cs;
> @@ -9456,7 +9456,7 @@ ahd_loadseq(struct ahd_softc *ahd)
>                  * Move through the CS table until we find a CS
>                  * that might apply to this instruction.
>                  */
> -               for (; cur_cs < num_critical_sections; cur_cs++) {
> +               for (; cur_cs < NUM_CRITICAL_SECTIONS; cur_cs++) {
>                         if (critical_sections[cur_cs].end <= i) {
>                                 if (begin_set[cs_count] == TRUE
>                                  && end_set[cs_count] == FALSE) {
> diff --git a/drivers/scsi/aic7xxx/aic79xx_seq.h_shipped b/drivers/scsi/aic7xxx/aic79xx_seq.h_shipped
> index 4b51e232392f..fd64a950ee44 100644
> --- a/drivers/scsi/aic7xxx/aic79xx_seq.h_shipped
> +++ b/drivers/scsi/aic7xxx/aic79xx_seq.h_shipped
> @@ -1186,5 +1186,4 @@ static const struct cs {
>         { 759, 763 }
>  };
>
> -static const int num_critical_sections = sizeof(critical_sections)
> -                                      / sizeof(*critical_sections);
> +#define NUM_CRITICAL_SECTIONS ARRAY_SIZE(critical_sections)
> diff --git a/drivers/scsi/aic7xxx/aic7xxx_core.c b/drivers/scsi/aic7xxx/aic7xxx_core.c
> index 6612ff3b2e83..e97eceacf522 100644
> --- a/drivers/scsi/aic7xxx/aic7xxx_core.c
> +++ b/drivers/scsi/aic7xxx/aic7xxx_core.c
> @@ -6848,9 +6848,9 @@ ahc_dumpseq(struct ahc_softc* ahc)
>  static int
>  ahc_loadseq(struct ahc_softc *ahc)
>  {
> -       struct  cs cs_table[num_critical_sections];
> -       u_int   begin_set[num_critical_sections];
> -       u_int   end_set[num_critical_sections];
> +       struct  cs cs_table[NUM_CRITICAL_SECTIONS];
> +       u_int   begin_set[NUM_CRITICAL_SECTIONS];
> +       u_int   end_set[NUM_CRITICAL_SECTIONS];
>         const struct patch *cur_patch;
>         u_int   cs_count;
>         u_int   cur_cs;
> @@ -6915,7 +6915,7 @@ ahc_loadseq(struct ahc_softc *ahc)
>                  * Move through the CS table until we find a CS
>                  * that might apply to this instruction.
>                  */
> -               for (; cur_cs < num_critical_sections; cur_cs++) {
> +               for (; cur_cs < NUM_CRITICAL_SECTIONS; cur_cs++) {
>                         if (critical_sections[cur_cs].end <= i) {
>                                 if (begin_set[cs_count] == TRUE
>                                  && end_set[cs_count] == FALSE) {
> diff --git a/drivers/scsi/aic7xxx/aic7xxx_seq.h_shipped b/drivers/scsi/aic7xxx/aic7xxx_seq.h_shipped
> index 07e93fbae706..f37362bc8ece 100644
> --- a/drivers/scsi/aic7xxx/aic7xxx_seq.h_shipped
> +++ b/drivers/scsi/aic7xxx/aic7xxx_seq.h_shipped
> @@ -1304,5 +1304,4 @@ static const struct cs {
>         { 875, 877 }
>  };
>
> -static const int num_critical_sections = sizeof(critical_sections)
> -                                      / sizeof(*critical_sections);
> +#define NUM_CRITICAL_SECTIONS ARRAY_SIZE(critical_sections)
> diff --git a/drivers/scsi/aic7xxx/aicasm/aicasm.c b/drivers/scsi/aic7xxx/aicasm/aicasm.c
> index 21ac265280bf..5f474e490f3e 100644
> --- a/drivers/scsi/aic7xxx/aicasm/aicasm.c
> +++ b/drivers/scsi/aic7xxx/aicasm/aicasm.c
> @@ -451,8 +451,7 @@ output_code()
>         fprintf(ofile, "\n};\n\n");
>
>         fprintf(ofile,
> -"static const int num_critical_sections = sizeof(critical_sections)\n"
> -"                                     / sizeof(*critical_sections);\n");
> +       "#define NUM_CRITICAL_SECTIONS ARRAY_SIZE(critical_sections)\n");
>
>         fprintf(stderr, "%s: %d instructions used\n", appname, instrcount);
>  }
> --
> 2.11.0
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ