lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 13 Mar 2018 09:29:33 +0100
From:   Stefano Manni <stefano.manni@...il.com>
To:     Alexandre Belloni <alexandre.belloni@...e-electrons.com>
Cc:     Alessandro Zummo <a.zummo@...ertech.it>, linux-rtc@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rtc: mcp795: remove VLA usage

Hi,

2018-03-13 0:31 GMT+01:00 Alexandre Belloni
<alexandre.belloni@...e-electrons.com>:
> Hi,
>
> On 13/03/2018 at 00:13:38 +0100, Stefano Manni wrote:
>> In preparation to enabling -Wvla, remove VLAs and replace them with
>> fixed-length arrays instead.
>>
>> rtc-mcp795.c uses a variable-length array declaration to contain
>> the command to write the rtcc; this can be replaced by a fixed-
>> size array of length 2 (instruction, address) + 32 (data out),
>> assuming a maximum data length of 32 bytes before wrap up.
>>
>> This was prompted by https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Stefano Manni <stefano.manni@...il.com>
>> ---
>>  drivers/rtc/rtc-mcp795.c | 8 +++++++-
>>  1 file changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/rtc/rtc-mcp795.c b/drivers/rtc/rtc-mcp795.c
>> index 77f21331ae21..a5f504e2364c 100644
>> --- a/drivers/rtc/rtc-mcp795.c
>> +++ b/drivers/rtc/rtc-mcp795.c
>> @@ -61,6 +61,9 @@
>>
>>  #define SEC_PER_DAY          (24 * 60 * 60)
>>
>> +/* Maximum length for data out in write operation to RTCC */
>> +#define MCP795_MAX_DATAOUT_LEN       32
>> +
>
> This is wrong, see https://marc.info/?l=linux-kernel&m=152046370320811&w=2
>
> Also, https://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux.git/commit/?h=rtc-next&id=74ce1a932504da166cfbccf5567aa3751b6aa599
>

You sure that the right value to use is 255 + 2? mcp795_rtcc_write() just writes
into the RTCC that contains only 32 registers (table 4-1 of
datasheet). I assumed
32 as the maximum length of data to write before wrapping up (start
from reg 0x0).
Probably 32 is just a wrong assumption but why did you choose 255?

Another thing: don't we need also to check count against the array length?

if (count > MCP795_MAX_DATAOUT_LEN)
    return -EINVAL;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ