subject:"\[PATCH\] rave\-sp\: Remove VLA"

Re: [PATCH] rave-sp: Remove VLA

2018-04-26 Thread Lee Jones

> On Wed, Apr 25, 2018 at 3:31 AM Lee Jones  wrote:
> 
> > On Tue, 24 Apr 2018, Kees Cook wrote:
> 
> > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones 
> wrote:
> > > > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> > > >
> > > >> As part of the effort to remove VLAs from the kernel[1], this creates
> > > >> constants for the checksum lengths of CCITT and 8B2C and changes
> > > >> crc_calculated to be the maximum size of a checksum.
> > > >>
> > > >> https://lkml.org/lkml/2018/3/7/621
> > > >>
> > > >> Signed-off-by: Kyle Spiers 
> > > >> ---
> > > >>  drivers/mfd/rave-sp.c | 11 +--
> > > >>  1 file changed, 9 insertions(+), 2 deletions(-)
> > > >>
> > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> > > >> index 5c858e784a89..99fa482419f9 100644
> > > >> --- a/drivers/mfd/rave-sp.c
> > > >> +++ b/drivers/mfd/rave-sp.c
> > > >> @@ -45,7 +45,9 @@
> > > >>  #define RAVE_SP_DLE  0x10
> > > >>
> > > >>  #define RAVE_SP_MAX_DATA_SIZE64
> > > >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case
> scenario on RDU2 */
> > > >> +#define RAVE_SP_CHECKSUM_8B2C1
> > > >> +#define RAVE_SP_CHECKSUM_CCITT   2
> > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> > > >>  /*
> > > >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> > > >>   * DATA + CSUM
> > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct
> rave_sp *sp,
> > > >>   const size_t payload_length  = length - checksum_length;
> > > >>   const u8 *crc_reported   = [payload_length];
> > > >>   struct device *dev   = >serdev->dev;
> > > >> - u8 crc_calculated[checksum_length];
> > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> > > >> +
> > > >> + if (unlikely(length > sizeof(crc_calculated))) {
> > > >
> > > > Forgive me if I have this wrong (it's still very early here), but this
> > > > doesn't leave any room for the payload?
> > > >
> > > > <--   length -->
> > > > <- payload length ->
> > > > [CK][CK][D][A][T][A] .. [64]
> > > >
> > > > It is my hope that length would always be larger than the size of the
> > > > checksum, or else there would never be any data?
> > > >
> > > > Should this not be:
> > > >
> > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> > >
> > > Oh, whoops, no, this should be:
> > >
> > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> > >
> > > (To validate the VLA max size.)
> 
> > That doesn't match the OP's error message though:
> 
> >dev_warn(dev, "Dropping oversized frame\n");
> 
> > Which I assume is designed to complement the existing warning:
> 
> >if (unlikely(length <= checksum_length))
> >dev_warn(dev, "Dropping short frame\n");

[MOVING - Please don't top post - reply in-line] 

> The error message is also wrong. Would "Checksum length too large" be fine?

"Checksum too long, dropping" ?

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-26 Thread Lee Jones

> On Wed, Apr 25, 2018 at 3:31 AM Lee Jones  wrote:
> 
> > On Tue, 24 Apr 2018, Kees Cook wrote:
> 
> > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones 
> wrote:
> > > > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> > > >
> > > >> As part of the effort to remove VLAs from the kernel[1], this creates
> > > >> constants for the checksum lengths of CCITT and 8B2C and changes
> > > >> crc_calculated to be the maximum size of a checksum.
> > > >>
> > > >> https://lkml.org/lkml/2018/3/7/621
> > > >>
> > > >> Signed-off-by: Kyle Spiers 
> > > >> ---
> > > >>  drivers/mfd/rave-sp.c | 11 +--
> > > >>  1 file changed, 9 insertions(+), 2 deletions(-)
> > > >>
> > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> > > >> index 5c858e784a89..99fa482419f9 100644
> > > >> --- a/drivers/mfd/rave-sp.c
> > > >> +++ b/drivers/mfd/rave-sp.c
> > > >> @@ -45,7 +45,9 @@
> > > >>  #define RAVE_SP_DLE  0x10
> > > >>
> > > >>  #define RAVE_SP_MAX_DATA_SIZE64
> > > >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case
> scenario on RDU2 */
> > > >> +#define RAVE_SP_CHECKSUM_8B2C1
> > > >> +#define RAVE_SP_CHECKSUM_CCITT   2
> > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> > > >>  /*
> > > >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> > > >>   * DATA + CSUM
> > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct
> rave_sp *sp,
> > > >>   const size_t payload_length  = length - checksum_length;
> > > >>   const u8 *crc_reported   = [payload_length];
> > > >>   struct device *dev   = >serdev->dev;
> > > >> - u8 crc_calculated[checksum_length];
> > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> > > >> +
> > > >> + if (unlikely(length > sizeof(crc_calculated))) {
> > > >
> > > > Forgive me if I have this wrong (it's still very early here), but this
> > > > doesn't leave any room for the payload?
> > > >
> > > > <--   length -->
> > > > <- payload length ->
> > > > [CK][CK][D][A][T][A] .. [64]
> > > >
> > > > It is my hope that length would always be larger than the size of the
> > > > checksum, or else there would never be any data?
> > > >
> > > > Should this not be:
> > > >
> > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> > >
> > > Oh, whoops, no, this should be:
> > >
> > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> > >
> > > (To validate the VLA max size.)
> 
> > That doesn't match the OP's error message though:
> 
> >dev_warn(dev, "Dropping oversized frame\n");
> 
> > Which I assume is designed to complement the existing warning:
> 
> >if (unlikely(length <= checksum_length))
> >dev_warn(dev, "Dropping short frame\n");

[MOVING - Please don't top post - reply in-line] 

> The error message is also wrong. Would "Checksum length too large" be fine?

"Checksum too long, dropping" ?

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-25 Thread Kyle Spiers

The error message is also wrong. Would "Checksum length too large" be fine?

On Wed, Apr 25, 2018 at 3:31 AM Lee Jones  wrote:

> On Tue, 24 Apr 2018, Kees Cook wrote:

> > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones 
wrote:
> > > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> > >
> > >> As part of the effort to remove VLAs from the kernel[1], this creates
> > >> constants for the checksum lengths of CCITT and 8B2C and changes
> > >> crc_calculated to be the maximum size of a checksum.
> > >>
> > >> https://lkml.org/lkml/2018/3/7/621
> > >>
> > >> Signed-off-by: Kyle Spiers 
> > >> ---
> > >>  drivers/mfd/rave-sp.c | 11 +--
> > >>  1 file changed, 9 insertions(+), 2 deletions(-)
> > >>
> > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> > >> index 5c858e784a89..99fa482419f9 100644
> > >> --- a/drivers/mfd/rave-sp.c
> > >> +++ b/drivers/mfd/rave-sp.c
> > >> @@ -45,7 +45,9 @@
> > >>  #define RAVE_SP_DLE  0x10
> > >>
> > >>  #define RAVE_SP_MAX_DATA_SIZE64
> > >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case
scenario on RDU2 */
> > >> +#define RAVE_SP_CHECKSUM_8B2C1
> > >> +#define RAVE_SP_CHECKSUM_CCITT   2
> > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> > >>  /*
> > >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> > >>   * DATA + CSUM
> > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct
rave_sp *sp,
> > >>   const size_t payload_length  = length - checksum_length;
> > >>   const u8 *crc_reported   = [payload_length];
> > >>   struct device *dev   = >serdev->dev;
> > >> - u8 crc_calculated[checksum_length];
> > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> > >> +
> > >> + if (unlikely(length > sizeof(crc_calculated))) {
> > >
> > > Forgive me if I have this wrong (it's still very early here), but this
> > > doesn't leave any room for the payload?
> > >
> > > <--   length -->
> > > <- payload length ->
> > > [CK][CK][D][A][T][A] .. [64]
> > >
> > > It is my hope that length would always be larger than the size of the
> > > checksum, or else there would never be any data?
> > >
> > > Should this not be:
> > >
> > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> >
> > Oh, whoops, no, this should be:
> >
> > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> >
> > (To validate the VLA max size.)

> That doesn't match the OP's error message though:

>dev_warn(dev, "Dropping oversized frame\n");

> Which I assume is designed to complement the existing warning:

>if (unlikely(length <= checksum_length))
>dev_warn(dev, "Dropping short frame\n");

> --
> Lee Jones [李琼斯]
> Linaro Services Technical Lead
> Linaro.org │ Open source software for ARM SoCs
> Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-25 Thread Kyle Spiers

The error message is also wrong. Would "Checksum length too large" be fine?

On Wed, Apr 25, 2018 at 3:31 AM Lee Jones  wrote:

> On Tue, 24 Apr 2018, Kees Cook wrote:

> > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones 
wrote:
> > > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> > >
> > >> As part of the effort to remove VLAs from the kernel[1], this creates
> > >> constants for the checksum lengths of CCITT and 8B2C and changes
> > >> crc_calculated to be the maximum size of a checksum.
> > >>
> > >> https://lkml.org/lkml/2018/3/7/621
> > >>
> > >> Signed-off-by: Kyle Spiers 
> > >> ---
> > >>  drivers/mfd/rave-sp.c | 11 +--
> > >>  1 file changed, 9 insertions(+), 2 deletions(-)
> > >>
> > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> > >> index 5c858e784a89..99fa482419f9 100644
> > >> --- a/drivers/mfd/rave-sp.c
> > >> +++ b/drivers/mfd/rave-sp.c
> > >> @@ -45,7 +45,9 @@
> > >>  #define RAVE_SP_DLE  0x10
> > >>
> > >>  #define RAVE_SP_MAX_DATA_SIZE64
> > >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case
scenario on RDU2 */
> > >> +#define RAVE_SP_CHECKSUM_8B2C1
> > >> +#define RAVE_SP_CHECKSUM_CCITT   2
> > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> > >>  /*
> > >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> > >>   * DATA + CSUM
> > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct
rave_sp *sp,
> > >>   const size_t payload_length  = length - checksum_length;
> > >>   const u8 *crc_reported   = [payload_length];
> > >>   struct device *dev   = >serdev->dev;
> > >> - u8 crc_calculated[checksum_length];
> > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> > >> +
> > >> + if (unlikely(length > sizeof(crc_calculated))) {
> > >
> > > Forgive me if I have this wrong (it's still very early here), but this
> > > doesn't leave any room for the payload?
> > >
> > > <--   length -->
> > > <- payload length ->
> > > [CK][CK][D][A][T][A] .. [64]
> > >
> > > It is my hope that length would always be larger than the size of the
> > > checksum, or else there would never be any data?
> > >
> > > Should this not be:
> > >
> > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> >
> > Oh, whoops, no, this should be:
> >
> > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> >
> > (To validate the VLA max size.)

> That doesn't match the OP's error message though:

>dev_warn(dev, "Dropping oversized frame\n");

> Which I assume is designed to complement the existing warning:

>if (unlikely(length <= checksum_length))
>dev_warn(dev, "Dropping short frame\n");

> --
> Lee Jones [李琼斯]
> Linaro Services Technical Lead
> Linaro.org │ Open source software for ARM SoCs
> Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-25 Thread Lee Jones

On Tue, 24 Apr 2018, Kees Cook wrote:

> On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones  wrote:
> > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> >
> >> As part of the effort to remove VLAs from the kernel[1], this creates
> >> constants for the checksum lengths of CCITT and 8B2C and changes
> >> crc_calculated to be the maximum size of a checksum.
> >>
> >> https://lkml.org/lkml/2018/3/7/621
> >>
> >> Signed-off-by: Kyle Spiers 
> >> ---
> >>  drivers/mfd/rave-sp.c | 11 +--
> >>  1 file changed, 9 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> >> index 5c858e784a89..99fa482419f9 100644
> >> --- a/drivers/mfd/rave-sp.c
> >> +++ b/drivers/mfd/rave-sp.c
> >> @@ -45,7 +45,9 @@
> >>  #define RAVE_SP_DLE  0x10
> >>
> >>  #define RAVE_SP_MAX_DATA_SIZE64
> >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
> >> RDU2 */
> >> +#define RAVE_SP_CHECKSUM_8B2C1
> >> +#define RAVE_SP_CHECKSUM_CCITT   2
> >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> >>  /*
> >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> >>   * DATA + CSUM
> >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
> >>   const size_t payload_length  = length - checksum_length;
> >>   const u8 *crc_reported   = [payload_length];
> >>   struct device *dev   = >serdev->dev;
> >> - u8 crc_calculated[checksum_length];
> >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> >> +
> >> + if (unlikely(length > sizeof(crc_calculated))) {
> >
> > Forgive me if I have this wrong (it's still very early here), but this
> > doesn't leave any room for the payload?
> >
> > <--   length -->
> > <- payload length ->
> > [CK][CK][D][A][T][A] .. [64]
> >
> > It is my hope that length would always be larger than the size of the
> > checksum, or else there would never be any data?
> >
> > Should this not be:
> >
> > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> 
> Oh, whoops, no, this should be:
> 
> + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> 
> (To validate the VLA max size.)

That doesn't match the OP's error message though:

  dev_warn(dev, "Dropping oversized frame\n");

Which I assume is designed to complement the existing warning:

  if (unlikely(length <= checksum_length))
  dev_warn(dev, "Dropping short frame\n");

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-25 Thread Lee Jones

On Tue, 24 Apr 2018, Kees Cook wrote:

> On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones  wrote:
> > On Mon, 23 Apr 2018, Kyle Spiers wrote:
> >
> >> As part of the effort to remove VLAs from the kernel[1], this creates
> >> constants for the checksum lengths of CCITT and 8B2C and changes
> >> crc_calculated to be the maximum size of a checksum.
> >>
> >> https://lkml.org/lkml/2018/3/7/621
> >>
> >> Signed-off-by: Kyle Spiers 
> >> ---
> >>  drivers/mfd/rave-sp.c | 11 +--
> >>  1 file changed, 9 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> >> index 5c858e784a89..99fa482419f9 100644
> >> --- a/drivers/mfd/rave-sp.c
> >> +++ b/drivers/mfd/rave-sp.c
> >> @@ -45,7 +45,9 @@
> >>  #define RAVE_SP_DLE  0x10
> >>
> >>  #define RAVE_SP_MAX_DATA_SIZE64
> >> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
> >> RDU2 */
> >> +#define RAVE_SP_CHECKSUM_8B2C1
> >> +#define RAVE_SP_CHECKSUM_CCITT   2
> >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
> >>  /*
> >>   * We don't store STX, ETX and unescaped bytes, so Rx is only
> >>   * DATA + CSUM
> >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
> >>   const size_t payload_length  = length - checksum_length;
> >>   const u8 *crc_reported   = [payload_length];
> >>   struct device *dev   = >serdev->dev;
> >> - u8 crc_calculated[checksum_length];
> >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> >> +
> >> + if (unlikely(length > sizeof(crc_calculated))) {
> >
> > Forgive me if I have this wrong (it's still very early here), but this
> > doesn't leave any room for the payload?
> >
> > <--   length -->
> > <- payload length ->
> > [CK][CK][D][A][T][A] .. [64]
> >
> > It is my hope that length would always be larger than the size of the
> > checksum, or else there would never be any data?
> >
> > Should this not be:
> >
> > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))
> 
> Oh, whoops, no, this should be:
> 
> + if (unlikely(checksum_lengh > sizeof(crc_calculated))) {
> 
> (To validate the VLA max size.)

That doesn't match the OP's error message though:

  dev_warn(dev, "Dropping oversized frame\n");

Which I assume is designed to complement the existing warning:

  if (unlikely(length <= checksum_length))
  dev_warn(dev, "Dropping short frame\n");

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-24 Thread Kees Cook

On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones  wrote:
> On Mon, 23 Apr 2018, Kyle Spiers wrote:
>
>> As part of the effort to remove VLAs from the kernel[1], this creates
>> constants for the checksum lengths of CCITT and 8B2C and changes
>> crc_calculated to be the maximum size of a checksum.
>>
>> https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Kyle Spiers 
>> ---
>>  drivers/mfd/rave-sp.c | 11 +--
>>  1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
>> index 5c858e784a89..99fa482419f9 100644
>> --- a/drivers/mfd/rave-sp.c
>> +++ b/drivers/mfd/rave-sp.c
>> @@ -45,7 +45,9 @@
>>  #define RAVE_SP_DLE  0x10
>>
>>  #define RAVE_SP_MAX_DATA_SIZE64
>> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
>> RDU2 */
>> +#define RAVE_SP_CHECKSUM_8B2C1
>> +#define RAVE_SP_CHECKSUM_CCITT   2
>> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
>>  /*
>>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>>   * DATA + CSUM
>> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
>>   const size_t payload_length  = length - checksum_length;
>>   const u8 *crc_reported   = [payload_length];
>>   struct device *dev   = >serdev->dev;
>> - u8 crc_calculated[checksum_length];
>> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
>> +
>> + if (unlikely(length > sizeof(crc_calculated))) {
>
> Forgive me if I have this wrong (it's still very early here), but this
> doesn't leave any room for the payload?
>
> <--   length -->
> <- payload length ->
> [CK][CK][D][A][T][A] .. [64]
>
> It is my hope that length would always be larger than the size of the
> checksum, or else there would never be any data?
>
> Should this not be:
>
> if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))

Oh, whoops, no, this should be:

+ if (unlikely(checksum_lengh > sizeof(crc_calculated))) {

(To validate the VLA max size.)

-Kees

-- 
Kees Cook
Pixel Security

Re: [PATCH] rave-sp: Remove VLA

2018-04-24 Thread Kees Cook

On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones  wrote:
> On Mon, 23 Apr 2018, Kyle Spiers wrote:
>
>> As part of the effort to remove VLAs from the kernel[1], this creates
>> constants for the checksum lengths of CCITT and 8B2C and changes
>> crc_calculated to be the maximum size of a checksum.
>>
>> https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Kyle Spiers 
>> ---
>>  drivers/mfd/rave-sp.c | 11 +--
>>  1 file changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
>> index 5c858e784a89..99fa482419f9 100644
>> --- a/drivers/mfd/rave-sp.c
>> +++ b/drivers/mfd/rave-sp.c
>> @@ -45,7 +45,9 @@
>>  #define RAVE_SP_DLE  0x10
>>
>>  #define RAVE_SP_MAX_DATA_SIZE64
>> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
>> RDU2 */
>> +#define RAVE_SP_CHECKSUM_8B2C1
>> +#define RAVE_SP_CHECKSUM_CCITT   2
>> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
>>  /*
>>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>>   * DATA + CSUM
>> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
>>   const size_t payload_length  = length - checksum_length;
>>   const u8 *crc_reported   = [payload_length];
>>   struct device *dev   = >serdev->dev;
>> - u8 crc_calculated[checksum_length];
>> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
>> +
>> + if (unlikely(length > sizeof(crc_calculated))) {
>
> Forgive me if I have this wrong (it's still very early here), but this
> doesn't leave any room for the payload?
>
> <--   length -->
> <- payload length ->
> [CK][CK][D][A][T][A] .. [64]
>
> It is my hope that length would always be larger than the size of the
> checksum, or else there would never be any data?
>
> Should this not be:
>
> if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))

Oh, whoops, no, this should be:

+ if (unlikely(checksum_lengh > sizeof(crc_calculated))) {

(To validate the VLA max size.)

-Kees

-- 
Kees Cook
Pixel Security

Re: [PATCH] rave-sp: Remove VLA

2018-04-23 Thread Lee Jones

On Mon, 23 Apr 2018, Kyle Spiers wrote:

> As part of the effort to remove VLAs from the kernel[1], this creates
> constants for the checksum lengths of CCITT and 8B2C and changes
> crc_calculated to be the maximum size of a checksum.
> 
> https://lkml.org/lkml/2018/3/7/621
> 
> Signed-off-by: Kyle Spiers 
> ---
>  drivers/mfd/rave-sp.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> index 5c858e784a89..99fa482419f9 100644
> --- a/drivers/mfd/rave-sp.c
> +++ b/drivers/mfd/rave-sp.c
> @@ -45,7 +45,9 @@
>  #define RAVE_SP_DLE  0x10
>  
>  #define RAVE_SP_MAX_DATA_SIZE64
> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
> RDU2 */
> +#define RAVE_SP_CHECKSUM_8B2C1
> +#define RAVE_SP_CHECKSUM_CCITT   2
> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
>  /*
>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>   * DATA + CSUM
> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
>   const size_t payload_length  = length - checksum_length;
>   const u8 *crc_reported   = [payload_length];
>   struct device *dev   = >serdev->dev;
> - u8 crc_calculated[checksum_length];
> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> +
> + if (unlikely(length > sizeof(crc_calculated))) {

Forgive me if I have this wrong (it's still very early here), but this
doesn't leave any room for the payload?

<--   length -->
<- payload length ->
[CK][CK][D][A][T][A] .. [64]

It is my hope that length would always be larger than the size of the
checksum, or else there would never be any data?

Should this not be:

if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))

Nit: Adding the check is also an unrelated change, so would require a
separate patch.

> + dev_warn(dev, "Dropping oversized frame\n");
> + return;
> + }
>  
>   print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
>  16, 1, data, length, false);

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-23 Thread Lee Jones

On Mon, 23 Apr 2018, Kyle Spiers wrote:

> As part of the effort to remove VLAs from the kernel[1], this creates
> constants for the checksum lengths of CCITT and 8B2C and changes
> crc_calculated to be the maximum size of a checksum.
> 
> https://lkml.org/lkml/2018/3/7/621
> 
> Signed-off-by: Kyle Spiers 
> ---
>  drivers/mfd/rave-sp.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> index 5c858e784a89..99fa482419f9 100644
> --- a/drivers/mfd/rave-sp.c
> +++ b/drivers/mfd/rave-sp.c
> @@ -45,7 +45,9 @@
>  #define RAVE_SP_DLE  0x10
>  
>  #define RAVE_SP_MAX_DATA_SIZE64
> -#define RAVE_SP_CHECKSUM_SIZE2  /* Worst case scenario on 
> RDU2 */
> +#define RAVE_SP_CHECKSUM_8B2C1
> +#define RAVE_SP_CHECKSUM_CCITT   2
> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT
>  /*
>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>   * DATA + CSUM
> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
>   const size_t payload_length  = length - checksum_length;
>   const u8 *crc_reported   = [payload_length];
>   struct device *dev   = >serdev->dev;
> - u8 crc_calculated[checksum_length];
> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> +
> + if (unlikely(length > sizeof(crc_calculated))) {

Forgive me if I have this wrong (it's still very early here), but this
doesn't leave any room for the payload?

<--   length -->
<- payload length ->
[CK][CK][D][A][T][A] .. [64]

It is my hope that length would always be larger than the size of the
checksum, or else there would never be any data?

Should this not be:

if (unlikely(length > RAVE_SP_MAX_DATA_SIZE))

Nit: Adding the check is also an unrelated change, so would require a
separate patch.

> + dev_warn(dev, "Dropping oversized frame\n");
> + return;
> + }
>  
>   print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
>  16, 1, data, length, false);

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog

Re: [PATCH] rave-sp: Remove VLA

2018-04-23 Thread Kees Cook

On Mon, Apr 23, 2018 at 1:02 PM, Kyle Spiers  wrote:
> As part of the effort to remove VLAs from the kernel[1], this creates
> constants for the checksum lengths of CCITT and 8B2C and changes
> crc_calculated to be the maximum size of a checksum.
>
> https://lkml.org/lkml/2018/3/7/621
>
> Signed-off-by: Kyle Spiers 

Reviewed-by: Kees Cook 

-Kees

> ---
>  drivers/mfd/rave-sp.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> index 5c858e784a89..99fa482419f9 100644
> --- a/drivers/mfd/rave-sp.c
> +++ b/drivers/mfd/rave-sp.c
> @@ -45,7 +45,9 @@
>  #define RAVE_SP_DLE0x10
>
>  #define RAVE_SP_MAX_DATA_SIZE  64
> -#define RAVE_SP_CHECKSUM_SIZE  2  /* Worst case scenario on RDU2 */
> +#define RAVE_SP_CHECKSUM_8B2C  1
> +#define RAVE_SP_CHECKSUM_CCITT 2
> +#define RAVE_SP_CHECKSUM_SIZE  RAVE_SP_CHECKSUM_CCITT
>  /*
>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>   * DATA + CSUM
> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
> const size_t payload_length  = length - checksum_length;
> const u8 *crc_reported   = [payload_length];
> struct device *dev   = >serdev->dev;
> -   u8 crc_calculated[checksum_length];
> +   u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> +
> +   if (unlikely(length > sizeof(crc_calculated))) {
> +   dev_warn(dev, "Dropping oversized frame\n");
> +   return;
> +   }
>
> print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
>16, 1, data, length, false);
> --
> 2.17.0.484.g0c8726318c-goog
>



-- 
Kees Cook
Pixel Security

Re: [PATCH] rave-sp: Remove VLA

2018-04-23 Thread Kees Cook

On Mon, Apr 23, 2018 at 1:02 PM, Kyle Spiers  wrote:
> As part of the effort to remove VLAs from the kernel[1], this creates
> constants for the checksum lengths of CCITT and 8B2C and changes
> crc_calculated to be the maximum size of a checksum.
>
> https://lkml.org/lkml/2018/3/7/621
>
> Signed-off-by: Kyle Spiers 

Reviewed-by: Kees Cook 

-Kees

> ---
>  drivers/mfd/rave-sp.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
> index 5c858e784a89..99fa482419f9 100644
> --- a/drivers/mfd/rave-sp.c
> +++ b/drivers/mfd/rave-sp.c
> @@ -45,7 +45,9 @@
>  #define RAVE_SP_DLE0x10
>
>  #define RAVE_SP_MAX_DATA_SIZE  64
> -#define RAVE_SP_CHECKSUM_SIZE  2  /* Worst case scenario on RDU2 */
> +#define RAVE_SP_CHECKSUM_8B2C  1
> +#define RAVE_SP_CHECKSUM_CCITT 2
> +#define RAVE_SP_CHECKSUM_SIZE  RAVE_SP_CHECKSUM_CCITT
>  /*
>   * We don't store STX, ETX and unescaped bytes, so Rx is only
>   * DATA + CSUM
> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
> const size_t payload_length  = length - checksum_length;
> const u8 *crc_reported   = [payload_length];
> struct device *dev   = >serdev->dev;
> -   u8 crc_calculated[checksum_length];
> +   u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
> +
> +   if (unlikely(length > sizeof(crc_calculated))) {
> +   dev_warn(dev, "Dropping oversized frame\n");
> +   return;
> +   }
>
> print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
>16, 1, data, length, false);
> --
> 2.17.0.484.g0c8726318c-goog
>



-- 
Kees Cook
Pixel Security

[PATCH] rave-sp: Remove VLA

2018-04-23 Thread Kyle Spiers

As part of the effort to remove VLAs from the kernel[1], this creates
constants for the checksum lengths of CCITT and 8B2C and changes
crc_calculated to be the maximum size of a checksum.

https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Kyle Spiers 
---
 drivers/mfd/rave-sp.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
index 5c858e784a89..99fa482419f9 100644
--- a/drivers/mfd/rave-sp.c
+++ b/drivers/mfd/rave-sp.c
@@ -45,7 +45,9 @@
 #define RAVE_SP_DLE0x10
 
 #define RAVE_SP_MAX_DATA_SIZE  64
-#define RAVE_SP_CHECKSUM_SIZE  2  /* Worst case scenario on RDU2 */
+#define RAVE_SP_CHECKSUM_8B2C  1
+#define RAVE_SP_CHECKSUM_CCITT 2
+#define RAVE_SP_CHECKSUM_SIZE  RAVE_SP_CHECKSUM_CCITT
 /*
  * We don't store STX, ETX and unescaped bytes, so Rx is only
  * DATA + CSUM
@@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
const size_t payload_length  = length - checksum_length;
const u8 *crc_reported   = [payload_length];
struct device *dev   = >serdev->dev;
-   u8 crc_calculated[checksum_length];
+   u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
+
+   if (unlikely(length > sizeof(crc_calculated))) {
+   dev_warn(dev, "Dropping oversized frame\n");
+   return;
+   }
 
print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
   16, 1, data, length, false);
-- 
2.17.0.484.g0c8726318c-goog

[PATCH] rave-sp: Remove VLA

2018-04-23 Thread Kyle Spiers

As part of the effort to remove VLAs from the kernel[1], this creates
constants for the checksum lengths of CCITT and 8B2C and changes
crc_calculated to be the maximum size of a checksum.

https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Kyle Spiers 
---
 drivers/mfd/rave-sp.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c
index 5c858e784a89..99fa482419f9 100644
--- a/drivers/mfd/rave-sp.c
+++ b/drivers/mfd/rave-sp.c
@@ -45,7 +45,9 @@
 #define RAVE_SP_DLE0x10
 
 #define RAVE_SP_MAX_DATA_SIZE  64
-#define RAVE_SP_CHECKSUM_SIZE  2  /* Worst case scenario on RDU2 */
+#define RAVE_SP_CHECKSUM_8B2C  1
+#define RAVE_SP_CHECKSUM_CCITT 2
+#define RAVE_SP_CHECKSUM_SIZE  RAVE_SP_CHECKSUM_CCITT
 /*
  * We don't store STX, ETX and unescaped bytes, so Rx is only
  * DATA + CSUM
@@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp,
const size_t payload_length  = length - checksum_length;
const u8 *crc_reported   = [payload_length];
struct device *dev   = >serdev->dev;
-   u8 crc_calculated[checksum_length];
+   u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE];
+
+   if (unlikely(length > sizeof(crc_calculated))) {
+   dev_warn(dev, "Dropping oversized frame\n");
+   return;
+   }
 
print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE,
   16, 1, data, length, false);
-- 
2.17.0.484.g0c8726318c-goog

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

Re: [PATCH] rave-sp: Remove VLA

[PATCH] rave-sp: Remove VLA

[PATCH] rave-sp: Remove VLA

14 matches

Site Navigation

Mail list logo

Footer information