Re: [PATCH] rave-sp: Remove VLA
> On Wed, Apr 25, 2018 at 3:31 AM Lee Joneswrote: > > > On Tue, 24 Apr 2018, Kees Cook wrote: > > > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones > wrote: > > > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > > > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > > > >> constants for the checksum lengths of CCITT and 8B2C and changes > > > >> crc_calculated to be the maximum size of a checksum. > > > >> > > > >> https://lkml.org/lkml/2018/3/7/621 > > > >> > > > >> Signed-off-by: Kyle Spiers > > > >> --- > > > >> drivers/mfd/rave-sp.c | 11 +-- > > > >> 1 file changed, 9 insertions(+), 2 deletions(-) > > > >> > > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > > > >> index 5c858e784a89..99fa482419f9 100644 > > > >> --- a/drivers/mfd/rave-sp.c > > > >> +++ b/drivers/mfd/rave-sp.c > > > >> @@ -45,7 +45,9 @@ > > > >> #define RAVE_SP_DLE 0x10 > > > >> > > > >> #define RAVE_SP_MAX_DATA_SIZE64 > > > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case > scenario on RDU2 */ > > > >> +#define RAVE_SP_CHECKSUM_8B2C1 > > > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > > > >> /* > > > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > > > >> * DATA + CSUM > > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct > rave_sp *sp, > > > >> const size_t payload_length = length - checksum_length; > > > >> const u8 *crc_reported = [payload_length]; > > > >> struct device *dev = >serdev->dev; > > > >> - u8 crc_calculated[checksum_length]; > > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > > > >> + > > > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > > > > > Forgive me if I have this wrong (it's still very early here), but this > > > > doesn't leave any room for the payload? > > > > > > > > <-- length --> > > > > <- payload length -> > > > > [CK][CK][D][A][T][A] .. [64] > > > > > > > > It is my hope that length would always be larger than the size of the > > > > checksum, or else there would never be any data? > > > > > > > > Should this not be: > > > > > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > > > > > Oh, whoops, no, this should be: > > > > > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > > > > > (To validate the VLA max size.) > > > That doesn't match the OP's error message though: > > >dev_warn(dev, "Dropping oversized frame\n"); > > > Which I assume is designed to complement the existing warning: > > >if (unlikely(length <= checksum_length)) > >dev_warn(dev, "Dropping short frame\n"); [MOVING - Please don't top post - reply in-line] > The error message is also wrong. Would "Checksum length too large" be fine? "Checksum too long, dropping" ? -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
> On Wed, Apr 25, 2018 at 3:31 AM Lee Jones wrote: > > > On Tue, 24 Apr 2018, Kees Cook wrote: > > > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones > wrote: > > > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > > > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > > > >> constants for the checksum lengths of CCITT and 8B2C and changes > > > >> crc_calculated to be the maximum size of a checksum. > > > >> > > > >> https://lkml.org/lkml/2018/3/7/621 > > > >> > > > >> Signed-off-by: Kyle Spiers > > > >> --- > > > >> drivers/mfd/rave-sp.c | 11 +-- > > > >> 1 file changed, 9 insertions(+), 2 deletions(-) > > > >> > > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > > > >> index 5c858e784a89..99fa482419f9 100644 > > > >> --- a/drivers/mfd/rave-sp.c > > > >> +++ b/drivers/mfd/rave-sp.c > > > >> @@ -45,7 +45,9 @@ > > > >> #define RAVE_SP_DLE 0x10 > > > >> > > > >> #define RAVE_SP_MAX_DATA_SIZE64 > > > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case > scenario on RDU2 */ > > > >> +#define RAVE_SP_CHECKSUM_8B2C1 > > > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > > > >> /* > > > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > > > >> * DATA + CSUM > > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct > rave_sp *sp, > > > >> const size_t payload_length = length - checksum_length; > > > >> const u8 *crc_reported = [payload_length]; > > > >> struct device *dev = >serdev->dev; > > > >> - u8 crc_calculated[checksum_length]; > > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > > > >> + > > > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > > > > > Forgive me if I have this wrong (it's still very early here), but this > > > > doesn't leave any room for the payload? > > > > > > > > <-- length --> > > > > <- payload length -> > > > > [CK][CK][D][A][T][A] .. [64] > > > > > > > > It is my hope that length would always be larger than the size of the > > > > checksum, or else there would never be any data? > > > > > > > > Should this not be: > > > > > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > > > > > Oh, whoops, no, this should be: > > > > > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > > > > > (To validate the VLA max size.) > > > That doesn't match the OP's error message though: > > >dev_warn(dev, "Dropping oversized frame\n"); > > > Which I assume is designed to complement the existing warning: > > >if (unlikely(length <= checksum_length)) > >dev_warn(dev, "Dropping short frame\n"); [MOVING - Please don't top post - reply in-line] > The error message is also wrong. Would "Checksum length too large" be fine? "Checksum too long, dropping" ? -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
The error message is also wrong. Would "Checksum length too large" be fine? On Wed, Apr 25, 2018 at 3:31 AM Lee Joneswrote: > On Tue, 24 Apr 2018, Kees Cook wrote: > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones wrote: > > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > > >> constants for the checksum lengths of CCITT and 8B2C and changes > > >> crc_calculated to be the maximum size of a checksum. > > >> > > >> https://lkml.org/lkml/2018/3/7/621 > > >> > > >> Signed-off-by: Kyle Spiers > > >> --- > > >> drivers/mfd/rave-sp.c | 11 +-- > > >> 1 file changed, 9 insertions(+), 2 deletions(-) > > >> > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > > >> index 5c858e784a89..99fa482419f9 100644 > > >> --- a/drivers/mfd/rave-sp.c > > >> +++ b/drivers/mfd/rave-sp.c > > >> @@ -45,7 +45,9 @@ > > >> #define RAVE_SP_DLE 0x10 > > >> > > >> #define RAVE_SP_MAX_DATA_SIZE64 > > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on RDU2 */ > > >> +#define RAVE_SP_CHECKSUM_8B2C1 > > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > > >> /* > > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > > >> * DATA + CSUM > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > > >> const size_t payload_length = length - checksum_length; > > >> const u8 *crc_reported = [payload_length]; > > >> struct device *dev = >serdev->dev; > > >> - u8 crc_calculated[checksum_length]; > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > > >> + > > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > > > Forgive me if I have this wrong (it's still very early here), but this > > > doesn't leave any room for the payload? > > > > > > <-- length --> > > > <- payload length -> > > > [CK][CK][D][A][T][A] .. [64] > > > > > > It is my hope that length would always be larger than the size of the > > > checksum, or else there would never be any data? > > > > > > Should this not be: > > > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > > > Oh, whoops, no, this should be: > > > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > > > (To validate the VLA max size.) > That doesn't match the OP's error message though: >dev_warn(dev, "Dropping oversized frame\n"); > Which I assume is designed to complement the existing warning: >if (unlikely(length <= checksum_length)) >dev_warn(dev, "Dropping short frame\n"); > -- > Lee Jones [李琼斯] > Linaro Services Technical Lead > Linaro.org │ Open source software for ARM SoCs > Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
The error message is also wrong. Would "Checksum length too large" be fine? On Wed, Apr 25, 2018 at 3:31 AM Lee Jones wrote: > On Tue, 24 Apr 2018, Kees Cook wrote: > > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones wrote: > > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > > >> constants for the checksum lengths of CCITT and 8B2C and changes > > >> crc_calculated to be the maximum size of a checksum. > > >> > > >> https://lkml.org/lkml/2018/3/7/621 > > >> > > >> Signed-off-by: Kyle Spiers > > >> --- > > >> drivers/mfd/rave-sp.c | 11 +-- > > >> 1 file changed, 9 insertions(+), 2 deletions(-) > > >> > > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > > >> index 5c858e784a89..99fa482419f9 100644 > > >> --- a/drivers/mfd/rave-sp.c > > >> +++ b/drivers/mfd/rave-sp.c > > >> @@ -45,7 +45,9 @@ > > >> #define RAVE_SP_DLE 0x10 > > >> > > >> #define RAVE_SP_MAX_DATA_SIZE64 > > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on RDU2 */ > > >> +#define RAVE_SP_CHECKSUM_8B2C1 > > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > > >> /* > > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > > >> * DATA + CSUM > > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > > >> const size_t payload_length = length - checksum_length; > > >> const u8 *crc_reported = [payload_length]; > > >> struct device *dev = >serdev->dev; > > >> - u8 crc_calculated[checksum_length]; > > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > > >> + > > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > > > Forgive me if I have this wrong (it's still very early here), but this > > > doesn't leave any room for the payload? > > > > > > <-- length --> > > > <- payload length -> > > > [CK][CK][D][A][T][A] .. [64] > > > > > > It is my hope that length would always be larger than the size of the > > > checksum, or else there would never be any data? > > > > > > Should this not be: > > > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > > > Oh, whoops, no, this should be: > > > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > > > (To validate the VLA max size.) > That doesn't match the OP's error message though: >dev_warn(dev, "Dropping oversized frame\n"); > Which I assume is designed to complement the existing warning: >if (unlikely(length <= checksum_length)) >dev_warn(dev, "Dropping short frame\n"); > -- > Lee Jones [李琼斯] > Linaro Services Technical Lead > Linaro.org │ Open source software for ARM SoCs > Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
On Tue, 24 Apr 2018, Kees Cook wrote: > On Mon, Apr 23, 2018 at 10:43 PM, Lee Joneswrote: > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > >> constants for the checksum lengths of CCITT and 8B2C and changes > >> crc_calculated to be the maximum size of a checksum. > >> > >> https://lkml.org/lkml/2018/3/7/621 > >> > >> Signed-off-by: Kyle Spiers > >> --- > >> drivers/mfd/rave-sp.c | 11 +-- > >> 1 file changed, 9 insertions(+), 2 deletions(-) > >> > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > >> index 5c858e784a89..99fa482419f9 100644 > >> --- a/drivers/mfd/rave-sp.c > >> +++ b/drivers/mfd/rave-sp.c > >> @@ -45,7 +45,9 @@ > >> #define RAVE_SP_DLE 0x10 > >> > >> #define RAVE_SP_MAX_DATA_SIZE64 > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on > >> RDU2 */ > >> +#define RAVE_SP_CHECKSUM_8B2C1 > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > >> /* > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > >> * DATA + CSUM > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > >> const size_t payload_length = length - checksum_length; > >> const u8 *crc_reported = [payload_length]; > >> struct device *dev = >serdev->dev; > >> - u8 crc_calculated[checksum_length]; > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > >> + > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > Forgive me if I have this wrong (it's still very early here), but this > > doesn't leave any room for the payload? > > > > <-- length --> > > <- payload length -> > > [CK][CK][D][A][T][A] .. [64] > > > > It is my hope that length would always be larger than the size of the > > checksum, or else there would never be any data? > > > > Should this not be: > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > Oh, whoops, no, this should be: > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > (To validate the VLA max size.) That doesn't match the OP's error message though: dev_warn(dev, "Dropping oversized frame\n"); Which I assume is designed to complement the existing warning: if (unlikely(length <= checksum_length)) dev_warn(dev, "Dropping short frame\n"); -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
On Tue, 24 Apr 2018, Kees Cook wrote: > On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones wrote: > > On Mon, 23 Apr 2018, Kyle Spiers wrote: > > > >> As part of the effort to remove VLAs from the kernel[1], this creates > >> constants for the checksum lengths of CCITT and 8B2C and changes > >> crc_calculated to be the maximum size of a checksum. > >> > >> https://lkml.org/lkml/2018/3/7/621 > >> > >> Signed-off-by: Kyle Spiers > >> --- > >> drivers/mfd/rave-sp.c | 11 +-- > >> 1 file changed, 9 insertions(+), 2 deletions(-) > >> > >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > >> index 5c858e784a89..99fa482419f9 100644 > >> --- a/drivers/mfd/rave-sp.c > >> +++ b/drivers/mfd/rave-sp.c > >> @@ -45,7 +45,9 @@ > >> #define RAVE_SP_DLE 0x10 > >> > >> #define RAVE_SP_MAX_DATA_SIZE64 > >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on > >> RDU2 */ > >> +#define RAVE_SP_CHECKSUM_8B2C1 > >> +#define RAVE_SP_CHECKSUM_CCITT 2 > >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > >> /* > >> * We don't store STX, ETX and unescaped bytes, so Rx is only > >> * DATA + CSUM > >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > >> const size_t payload_length = length - checksum_length; > >> const u8 *crc_reported = [payload_length]; > >> struct device *dev = >serdev->dev; > >> - u8 crc_calculated[checksum_length]; > >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > >> + > >> + if (unlikely(length > sizeof(crc_calculated))) { > > > > Forgive me if I have this wrong (it's still very early here), but this > > doesn't leave any room for the payload? > > > > <-- length --> > > <- payload length -> > > [CK][CK][D][A][T][A] .. [64] > > > > It is my hope that length would always be larger than the size of the > > checksum, or else there would never be any data? > > > > Should this not be: > > > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) > > Oh, whoops, no, this should be: > > + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { > > (To validate the VLA max size.) That doesn't match the OP's error message though: dev_warn(dev, "Dropping oversized frame\n"); Which I assume is designed to complement the existing warning: if (unlikely(length <= checksum_length)) dev_warn(dev, "Dropping short frame\n"); -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
On Mon, Apr 23, 2018 at 10:43 PM, Lee Joneswrote: > On Mon, 23 Apr 2018, Kyle Spiers wrote: > >> As part of the effort to remove VLAs from the kernel[1], this creates >> constants for the checksum lengths of CCITT and 8B2C and changes >> crc_calculated to be the maximum size of a checksum. >> >> https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: Kyle Spiers >> --- >> drivers/mfd/rave-sp.c | 11 +-- >> 1 file changed, 9 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c >> index 5c858e784a89..99fa482419f9 100644 >> --- a/drivers/mfd/rave-sp.c >> +++ b/drivers/mfd/rave-sp.c >> @@ -45,7 +45,9 @@ >> #define RAVE_SP_DLE 0x10 >> >> #define RAVE_SP_MAX_DATA_SIZE64 >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on >> RDU2 */ >> +#define RAVE_SP_CHECKSUM_8B2C1 >> +#define RAVE_SP_CHECKSUM_CCITT 2 >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT >> /* >> * We don't store STX, ETX and unescaped bytes, so Rx is only >> * DATA + CSUM >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, >> const size_t payload_length = length - checksum_length; >> const u8 *crc_reported = [payload_length]; >> struct device *dev = >serdev->dev; >> - u8 crc_calculated[checksum_length]; >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; >> + >> + if (unlikely(length > sizeof(crc_calculated))) { > > Forgive me if I have this wrong (it's still very early here), but this > doesn't leave any room for the payload? > > <-- length --> > <- payload length -> > [CK][CK][D][A][T][A] .. [64] > > It is my hope that length would always be larger than the size of the > checksum, or else there would never be any data? > > Should this not be: > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) Oh, whoops, no, this should be: + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { (To validate the VLA max size.) -Kees -- Kees Cook Pixel Security
Re: [PATCH] rave-sp: Remove VLA
On Mon, Apr 23, 2018 at 10:43 PM, Lee Jones wrote: > On Mon, 23 Apr 2018, Kyle Spiers wrote: > >> As part of the effort to remove VLAs from the kernel[1], this creates >> constants for the checksum lengths of CCITT and 8B2C and changes >> crc_calculated to be the maximum size of a checksum. >> >> https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: Kyle Spiers >> --- >> drivers/mfd/rave-sp.c | 11 +-- >> 1 file changed, 9 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c >> index 5c858e784a89..99fa482419f9 100644 >> --- a/drivers/mfd/rave-sp.c >> +++ b/drivers/mfd/rave-sp.c >> @@ -45,7 +45,9 @@ >> #define RAVE_SP_DLE 0x10 >> >> #define RAVE_SP_MAX_DATA_SIZE64 >> -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on >> RDU2 */ >> +#define RAVE_SP_CHECKSUM_8B2C1 >> +#define RAVE_SP_CHECKSUM_CCITT 2 >> +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT >> /* >> * We don't store STX, ETX and unescaped bytes, so Rx is only >> * DATA + CSUM >> @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, >> const size_t payload_length = length - checksum_length; >> const u8 *crc_reported = [payload_length]; >> struct device *dev = >serdev->dev; >> - u8 crc_calculated[checksum_length]; >> + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; >> + >> + if (unlikely(length > sizeof(crc_calculated))) { > > Forgive me if I have this wrong (it's still very early here), but this > doesn't leave any room for the payload? > > <-- length --> > <- payload length -> > [CK][CK][D][A][T][A] .. [64] > > It is my hope that length would always be larger than the size of the > checksum, or else there would never be any data? > > Should this not be: > > if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) Oh, whoops, no, this should be: + if (unlikely(checksum_lengh > sizeof(crc_calculated))) { (To validate the VLA max size.) -Kees -- Kees Cook Pixel Security
Re: [PATCH] rave-sp: Remove VLA
On Mon, 23 Apr 2018, Kyle Spiers wrote: > As part of the effort to remove VLAs from the kernel[1], this creates > constants for the checksum lengths of CCITT and 8B2C and changes > crc_calculated to be the maximum size of a checksum. > > https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Kyle Spiers> --- > drivers/mfd/rave-sp.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > index 5c858e784a89..99fa482419f9 100644 > --- a/drivers/mfd/rave-sp.c > +++ b/drivers/mfd/rave-sp.c > @@ -45,7 +45,9 @@ > #define RAVE_SP_DLE 0x10 > > #define RAVE_SP_MAX_DATA_SIZE64 > -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on > RDU2 */ > +#define RAVE_SP_CHECKSUM_8B2C1 > +#define RAVE_SP_CHECKSUM_CCITT 2 > +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > /* > * We don't store STX, ETX and unescaped bytes, so Rx is only > * DATA + CSUM > @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > const size_t payload_length = length - checksum_length; > const u8 *crc_reported = [payload_length]; > struct device *dev = >serdev->dev; > - u8 crc_calculated[checksum_length]; > + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > + > + if (unlikely(length > sizeof(crc_calculated))) { Forgive me if I have this wrong (it's still very early here), but this doesn't leave any room for the payload? <-- length --> <- payload length -> [CK][CK][D][A][T][A] .. [64] It is my hope that length would always be larger than the size of the checksum, or else there would never be any data? Should this not be: if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) Nit: Adding the check is also an unrelated change, so would require a separate patch. > + dev_warn(dev, "Dropping oversized frame\n"); > + return; > + } > > print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, > 16, 1, data, length, false); -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
On Mon, 23 Apr 2018, Kyle Spiers wrote: > As part of the effort to remove VLAs from the kernel[1], this creates > constants for the checksum lengths of CCITT and 8B2C and changes > crc_calculated to be the maximum size of a checksum. > > https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Kyle Spiers > --- > drivers/mfd/rave-sp.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > index 5c858e784a89..99fa482419f9 100644 > --- a/drivers/mfd/rave-sp.c > +++ b/drivers/mfd/rave-sp.c > @@ -45,7 +45,9 @@ > #define RAVE_SP_DLE 0x10 > > #define RAVE_SP_MAX_DATA_SIZE64 > -#define RAVE_SP_CHECKSUM_SIZE2 /* Worst case scenario on > RDU2 */ > +#define RAVE_SP_CHECKSUM_8B2C1 > +#define RAVE_SP_CHECKSUM_CCITT 2 > +#define RAVE_SP_CHECKSUM_SIZERAVE_SP_CHECKSUM_CCITT > /* > * We don't store STX, ETX and unescaped bytes, so Rx is only > * DATA + CSUM > @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > const size_t payload_length = length - checksum_length; > const u8 *crc_reported = [payload_length]; > struct device *dev = >serdev->dev; > - u8 crc_calculated[checksum_length]; > + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > + > + if (unlikely(length > sizeof(crc_calculated))) { Forgive me if I have this wrong (it's still very early here), but this doesn't leave any room for the payload? <-- length --> <- payload length -> [CK][CK][D][A][T][A] .. [64] It is my hope that length would always be larger than the size of the checksum, or else there would never be any data? Should this not be: if (unlikely(length > RAVE_SP_MAX_DATA_SIZE)) Nit: Adding the check is also an unrelated change, so would require a separate patch. > + dev_warn(dev, "Dropping oversized frame\n"); > + return; > + } > > print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, > 16, 1, data, length, false); -- Lee Jones [李琼斯] Linaro Services Technical Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog
Re: [PATCH] rave-sp: Remove VLA
On Mon, Apr 23, 2018 at 1:02 PM, Kyle Spierswrote: > As part of the effort to remove VLAs from the kernel[1], this creates > constants for the checksum lengths of CCITT and 8B2C and changes > crc_calculated to be the maximum size of a checksum. > > https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Kyle Spiers Reviewed-by: Kees Cook -Kees > --- > drivers/mfd/rave-sp.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > index 5c858e784a89..99fa482419f9 100644 > --- a/drivers/mfd/rave-sp.c > +++ b/drivers/mfd/rave-sp.c > @@ -45,7 +45,9 @@ > #define RAVE_SP_DLE0x10 > > #define RAVE_SP_MAX_DATA_SIZE 64 > -#define RAVE_SP_CHECKSUM_SIZE 2 /* Worst case scenario on RDU2 */ > +#define RAVE_SP_CHECKSUM_8B2C 1 > +#define RAVE_SP_CHECKSUM_CCITT 2 > +#define RAVE_SP_CHECKSUM_SIZE RAVE_SP_CHECKSUM_CCITT > /* > * We don't store STX, ETX and unescaped bytes, so Rx is only > * DATA + CSUM > @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > const size_t payload_length = length - checksum_length; > const u8 *crc_reported = [payload_length]; > struct device *dev = >serdev->dev; > - u8 crc_calculated[checksum_length]; > + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > + > + if (unlikely(length > sizeof(crc_calculated))) { > + dev_warn(dev, "Dropping oversized frame\n"); > + return; > + } > > print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, >16, 1, data, length, false); > -- > 2.17.0.484.g0c8726318c-goog > -- Kees Cook Pixel Security
Re: [PATCH] rave-sp: Remove VLA
On Mon, Apr 23, 2018 at 1:02 PM, Kyle Spiers wrote: > As part of the effort to remove VLAs from the kernel[1], this creates > constants for the checksum lengths of CCITT and 8B2C and changes > crc_calculated to be the maximum size of a checksum. > > https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Kyle Spiers Reviewed-by: Kees Cook -Kees > --- > drivers/mfd/rave-sp.c | 11 +-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c > index 5c858e784a89..99fa482419f9 100644 > --- a/drivers/mfd/rave-sp.c > +++ b/drivers/mfd/rave-sp.c > @@ -45,7 +45,9 @@ > #define RAVE_SP_DLE0x10 > > #define RAVE_SP_MAX_DATA_SIZE 64 > -#define RAVE_SP_CHECKSUM_SIZE 2 /* Worst case scenario on RDU2 */ > +#define RAVE_SP_CHECKSUM_8B2C 1 > +#define RAVE_SP_CHECKSUM_CCITT 2 > +#define RAVE_SP_CHECKSUM_SIZE RAVE_SP_CHECKSUM_CCITT > /* > * We don't store STX, ETX and unescaped bytes, so Rx is only > * DATA + CSUM > @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, > const size_t payload_length = length - checksum_length; > const u8 *crc_reported = [payload_length]; > struct device *dev = >serdev->dev; > - u8 crc_calculated[checksum_length]; > + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; > + > + if (unlikely(length > sizeof(crc_calculated))) { > + dev_warn(dev, "Dropping oversized frame\n"); > + return; > + } > > print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, >16, 1, data, length, false); > -- > 2.17.0.484.g0c8726318c-goog > -- Kees Cook Pixel Security
[PATCH] rave-sp: Remove VLA
As part of the effort to remove VLAs from the kernel[1], this creates constants for the checksum lengths of CCITT and 8B2C and changes crc_calculated to be the maximum size of a checksum. https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kyle Spiers--- drivers/mfd/rave-sp.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c index 5c858e784a89..99fa482419f9 100644 --- a/drivers/mfd/rave-sp.c +++ b/drivers/mfd/rave-sp.c @@ -45,7 +45,9 @@ #define RAVE_SP_DLE0x10 #define RAVE_SP_MAX_DATA_SIZE 64 -#define RAVE_SP_CHECKSUM_SIZE 2 /* Worst case scenario on RDU2 */ +#define RAVE_SP_CHECKSUM_8B2C 1 +#define RAVE_SP_CHECKSUM_CCITT 2 +#define RAVE_SP_CHECKSUM_SIZE RAVE_SP_CHECKSUM_CCITT /* * We don't store STX, ETX and unescaped bytes, so Rx is only * DATA + CSUM @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, const size_t payload_length = length - checksum_length; const u8 *crc_reported = [payload_length]; struct device *dev = >serdev->dev; - u8 crc_calculated[checksum_length]; + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; + + if (unlikely(length > sizeof(crc_calculated))) { + dev_warn(dev, "Dropping oversized frame\n"); + return; + } print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, 16, 1, data, length, false); -- 2.17.0.484.g0c8726318c-goog
[PATCH] rave-sp: Remove VLA
As part of the effort to remove VLAs from the kernel[1], this creates constants for the checksum lengths of CCITT and 8B2C and changes crc_calculated to be the maximum size of a checksum. https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kyle Spiers --- drivers/mfd/rave-sp.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/rave-sp.c b/drivers/mfd/rave-sp.c index 5c858e784a89..99fa482419f9 100644 --- a/drivers/mfd/rave-sp.c +++ b/drivers/mfd/rave-sp.c @@ -45,7 +45,9 @@ #define RAVE_SP_DLE0x10 #define RAVE_SP_MAX_DATA_SIZE 64 -#define RAVE_SP_CHECKSUM_SIZE 2 /* Worst case scenario on RDU2 */ +#define RAVE_SP_CHECKSUM_8B2C 1 +#define RAVE_SP_CHECKSUM_CCITT 2 +#define RAVE_SP_CHECKSUM_SIZE RAVE_SP_CHECKSUM_CCITT /* * We don't store STX, ETX and unescaped bytes, so Rx is only * DATA + CSUM @@ -415,7 +417,12 @@ static void rave_sp_receive_frame(struct rave_sp *sp, const size_t payload_length = length - checksum_length; const u8 *crc_reported = [payload_length]; struct device *dev = >serdev->dev; - u8 crc_calculated[checksum_length]; + u8 crc_calculated[RAVE_SP_CHECKSUM_SIZE]; + + if (unlikely(length > sizeof(crc_calculated))) { + dev_warn(dev, "Dropping oversized frame\n"); + return; + } print_hex_dump(KERN_DEBUG, "rave-sp rx: ", DUMP_PREFIX_NONE, 16, 1, data, length, false); -- 2.17.0.484.g0c8726318c-goog