[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180423200255.154645-1-ksspiers@google.com>
Date: Mon, 23 Apr 2018 13:02:55 -0700
From: Kyle Spiers <ksspiers@...gle.com>
To: lee.jones@...aro.org
Cc: linux-kernel@...r.kernel.org, keescook@...omium.org,
Kyle Spiers <ksspiers@...gle.com>
Subject: [PATCH] rave-sp: Remove VLA
As part of the effort to remove VLAs from the kernel[1], this creates
constants for the checksum lengths of CCITT and 8B2C and changes
crc_calculated to be the maximum size of a checksum.
https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Kyle Spiers <ksspiers@...gle.com>
---
drivers/mfd/rave-sp.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
index 5c858e784a89..99fa482419f9 100644
--- a/drivers/mfd/rave-sp.c
+++ b/drivers/mfd/rave-sp.c
@@ -45,7 +45,9 @@
#define RAVE_SP_DLE 0x10
#define RAVE_SP_MAX_DATA_SIZE 64
-#define RAVE_SP_CHECKSUM_SIZE 2 /* Worst case scenario on RDU2 */
+#define RAVE_SP_CHECKSUM_8B2C 1
+#define RAVE_SP_CHECKSUM_CCITT 2
+#define RAVE_SP_CHECKSUM_SIZE RAVE_SP_CHECKSUM_CCITT
/*
* We don't store STX, ETX and unescaped bytes, so Rx is only
* DATA + CSUM
@@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
const size_t payload_length = length - checksum_length;
const u8 *crc_reported = &data[payload_length];
struct device *dev = &sp->serdev->dev;
- u8 crc_calculated[checksum_length];
+ u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
+
+ if (unlikely(length > sizeof(crc_calculated))) {
+ dev_warn(dev, "Dropping oversized frame\n");
+ return;
+ }
print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
16, 1, data, length, false);
--
2.17.0.484.g0c8726318c-goog
Powered by blists - more mailing lists