lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jJwPbUHherfpPbyN8o9NntKN_CYY_TRyvrd+K_LSvZMFw@mail.gmail.com>
Date:   Wed, 23 May 2018 15:51:48 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Walleij <linus.walleij@...aro.org>
Cc:     Laura Abbott <labbott@...hat.com>,
        Patrice Chotard <patrice.chotard@...com>,
        linux-gpio@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH v3] gpio: Remove VLA from stmpe driver

On Wed, Mar 28, 2018 at 10:59 AM, Laura Abbott <labbott@...hat.com> wrote:
> The new challenge is to remove VLAs from the kernel
> (see https://lkml.org/lkml/2018/3/7/621)
>
> The number of GPIOs on the supported chips is fairly small
> so stack allocate to a known upper bound and spit out a warning
> if any new chips have more gpios.
>
> Signed-off-by: Laura Abbott <labbott@...hat.com>

Reviewed-by: Kees Cook <keescook@...omium.org>

Linus, I think this patch is still needed and got missed? Can you take
it as well?

Thanks!

-Kees

> ---
> v3: Split this off from the rest of the series since some of the
> patches had been picked up. Switched to just hardcoding an upper
> bound for the stack array since it's only a few extra bytes
> of stack space.
> ---
>  drivers/gpio/gpio-stmpe.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpio/gpio-stmpe.c b/drivers/gpio/gpio-stmpe.c
> index f8d7d1cd8488..8d6a5a7e612d 100644
> --- a/drivers/gpio/gpio-stmpe.c
> +++ b/drivers/gpio/gpio-stmpe.c
> @@ -363,13 +363,15 @@ static struct irq_chip stmpe_gpio_irq_chip = {
>         .irq_set_type           = stmpe_gpio_irq_set_type,
>  };
>
> +#define MAX_GPIOS 24
> +
>  static irqreturn_t stmpe_gpio_irq(int irq, void *dev)
>  {
>         struct stmpe_gpio *stmpe_gpio = dev;
>         struct stmpe *stmpe = stmpe_gpio->stmpe;
>         u8 statmsbreg;
>         int num_banks = DIV_ROUND_UP(stmpe->num_gpios, 8);
> -       u8 status[num_banks];
> +       u8 status[DIV_ROUND_UP(MAX_GPIOS, 8)];
>         int ret;
>         int i;
>
> @@ -434,6 +436,11 @@ static int stmpe_gpio_probe(struct platform_device *pdev)
>         struct stmpe_gpio *stmpe_gpio;
>         int ret, irq;
>
> +       if (stmpe->num_gpios > MAX_GPIOS) {
> +               dev_err(&pdev->dev, "Need to increase maximum GPIO number\n");
> +               return -EINVAL;
> +       }
> +
>         stmpe_gpio = kzalloc(sizeof(*stmpe_gpio), GFP_KERNEL);
>         if (!stmpe_gpio)
>                 return -ENOMEM;
> --
> 2.14.3
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ