On Fri, Mar 16, 2018 at 11:25 PM, Kees Cook <[email protected]> wrote: > On Fri, Mar 16, 2018 at 3:59 PM, Andrew Morton > <[email protected]> wrote: >> On Thu, 15 Mar 2018 15:59:19 -0700 Kees Cook <[email protected]> wrote: >> >>> Avoid stack VLAs[1] by always allocating the upper bound of stack space >>> needed. The existing users of rslib appear to max out at 24 roots[2], >>> so use that as the upper bound until we have a reason to change it. >>> >>> Alternative considered: make init_rs() a true caller-instance and >>> pre-allocate the workspaces. This would possibly need locking and >>> a refactoring of the returned structure. >>> >>> Using kmalloc in this path doesn't look great, especially since at >>> least one caller (pstore) is sensitive to allocations during rslib >>> usage (it expects to run it during an Oops, for example). >> >> Oh. >> >> Could we allocate the storage during init_rs(), attach it to `struct >> rs_control'? > > No, because they're modified during decode, and struct rs_control is > shared between users. :( > > Doing those changes is possible, but it requires a rather extensive > analysis of callers, etc. > > Hence, the 24 ultimately.
Can this land in -mm, or does this need further discussion? -Kees -- Kees Cook Pixel Security
