On Wed, Apr 4, 2018 at 5:45 AM, Ulf Hansson <ulf.hans...@linaro.org> wrote: > On 26 March 2018 at 08:33, Tobin C. Harding <m...@tobin.cc> wrote: >> The use of stack Variable Length Arrays needs to be avoided, as they >> can be a vector for stack exhaustion, which can be both a runtime bug >> (kernel Oops) or a security flaw (overwriting memory beyond the >> stack). Also, in general, as code evolves it is easy to lose track of >> how big a VLA can get. Thus, we can end up having runtime failures >> that are hard to debug. As part of the directive[1] to remove all VLAs >> from the kernel, and build with -Wvla. >> >> Currently driver is using a VLA declared using the number of descriptors. >> This >> array is used to store integer values and is later used as an argument to >> `gpiod_set_array_value_cansleep()` This can be avoided by using >> `kmalloc_array()` to allocate memory for the array of integer values. >> Memory is >> free'd before return from function. >> >> From the code it appears that it is safe to sleep so we can use GFP_KERNEL >> (based _cansleep() suffix of function `gpiod_set_array_value_cansleep()`. >> >> It can be expected that this patch will result in a small increase in >> overhead >> due to the use of `kmalloc_array()` >> >> [1] https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: Tobin C. Harding <m...@tobin.cc> > > Thanks, queued for 3.18!
Time travel! ;) -Kees -- Kees Cook Pixel Security
