Date: Wed, 4 Apr 2018 09:23:05 -0700 From: Kees Cook <keescook@...omium.org> To: Ulf Hansson <ulf.hansson@...aro.org> Cc: "Tobin C. Harding" <me@...in.cc>, "linux-mmc@...r.kernel.org" <linux-mmc@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Tycho Andersen <tycho@...ho.ws> Subject: Re: [PATCH] mmc: pwrseq: Use kmalloc_array instead of stack VLA On Wed, Apr 4, 2018 at 5:45 AM, Ulf Hansson <ulf.hansson@...aro.org> wrote: > On 26 March 2018 at 08:33, Tobin C. Harding <me@...in.cc> wrote: >> The use of stack Variable Length Arrays needs to be avoided, as they >> can be a vector for stack exhaustion, which can be both a runtime bug >> (kernel Oops) or a security flaw (overwriting memory beyond the >> stack). Also, in general, as code evolves it is easy to lose track of >> how big a VLA can get. Thus, we can end up having runtime failures >> that are hard to debug. As part of the directive to remove all VLAs >> from the kernel, and build with -Wvla. >> >> Currently driver is using a VLA declared using the number of descriptors. This >> array is used to store integer values and is later used as an argument to >> `gpiod_set_array_value_cansleep()` This can be avoided by using >> `kmalloc_array()` to allocate memory for the array of integer values. Memory is >> free'd before return from function. >> >> From the code it appears that it is safe to sleep so we can use GFP_KERNEL >> (based _cansleep() suffix of function `gpiod_set_array_value_cansleep()`. >> >> It can be expected that this patch will result in a small increase in overhead >> due to the use of `kmalloc_array()` >> >>  https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: Tobin C. Harding <me@...in.cc> > > Thanks, queued for 3.18! Time travel! ;) -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.