lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20180313162850.GK3795@piout.net>
Date:   Tue, 13 Mar 2018 17:28:50 +0100
From:   Alexandre Belloni <alexandre.belloni@...e-electrons.com>
To:     Stefano Manni <stefano.manni@...il.com>
Cc:     Alessandro Zummo <a.zummo@...ertech.it>, linux-rtc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rtc: mcp795: remove VLA usage

On 13/03/2018 at 09:29:33 +0100, Stefano Manni wrote:
> Hi,
> 
> 2018-03-13 0:31 GMT+01:00 Alexandre Belloni
> <alexandre.belloni@...e-electrons.com>:
> > Hi,
> >
> > On 13/03/2018 at 00:13:38 +0100, Stefano Manni wrote:
> >> In preparation to enabling -Wvla, remove VLAs and replace them with
> >> fixed-length arrays instead.
> >>
> >> rtc-mcp795.c uses a variable-length array declaration to contain
> >> the command to write the rtcc; this can be replaced by a fixed-
> >> size array of length 2 (instruction, address) + 32 (data out),
> >> assuming a maximum data length of 32 bytes before wrap up.
> >>
> >> This was prompted by https://lkml.org/lkml/2018/3/7/621
> >>
> >> Signed-off-by: Stefano Manni <stefano.manni@...il.com>
> >> ---
> >>  drivers/rtc/rtc-mcp795.c | 8 +++++++-
> >>  1 file changed, 7 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/drivers/rtc/rtc-mcp795.c b/drivers/rtc/rtc-mcp795.c
> >> index 77f21331ae21..a5f504e2364c 100644
> >> --- a/drivers/rtc/rtc-mcp795.c
> >> +++ b/drivers/rtc/rtc-mcp795.c
> >> @@ -61,6 +61,9 @@
> >>
> >>  #define SEC_PER_DAY          (24 * 60 * 60)
> >>
> >> +/* Maximum length for data out in write operation to RTCC */
> >> +#define MCP795_MAX_DATAOUT_LEN       32
> >> +
> >
> > This is wrong, see https://marc.info/?l=linux-kernel&m=152046370320811&w=2
> >
> > Also, https://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux.git/commit/?h=rtc-next&id=74ce1a932504da166cfbccf5567aa3751b6aa599
> >
> 
> You sure that the right value to use is 255 + 2? mcp795_rtcc_write() just writes
> into the RTCC that contains only 32 registers (table 4-1 of
> datasheet). I assumed
> 32 as the maximum length of data to write before wrapping up (start
> from reg 0x0).
> Probably 32 is just a wrong assumption but why did you choose 255?
> 

It is not so wrong but the plan is to be able to support reading/writing
the EEPROM later but I agree it will need to be changed anyway.

> Another thing: don't we need also to check count against the array length?
> 
> if (count > MCP795_MAX_DATAOUT_LEN)
>     return -EINVAL;

u8 count will never be greater than 255.


-- 
Alexandre Belloni, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ