On Wed, Apr 4, 2018 at 5:45 AM, Ulf Hansson <ulf.hans...@linaro.org> wrote:
> On 26 March 2018 at 08:33, Tobin C. Harding <m...@tobin.cc> wrote:
>> The use of stack Variable Length Arrays needs to be avoided, as they
>> can be a vector for stack exhaustion, which can be both a runtime bug
>> (kernel Oops) or a security flaw (overwriting memory beyond the
>> stack). Also, in general, as code evolves it is easy to lose track of
>> how big a VLA can get. Thus, we can end up having runtime failures
>> that are hard to debug. As part of the directive[1] to remove all VLAs
>> from the kernel, and build with -Wvla.
>> Currently driver is using a VLA declared using the number of descriptors.  
>> This
>> array is used to store integer values and is later used as an argument to
>> `gpiod_set_array_value_cansleep()` This can be avoided by using
>> `kmalloc_array()` to allocate memory for the array of integer values.  
>> Memory is
>> free'd before return from function.
>> From the code it appears that it is safe to sleep so we can use GFP_KERNEL
>> (based _cansleep() suffix of function `gpiod_set_array_value_cansleep()`.
>> It can be expected that this patch will result in a small increase in 
>> overhead
>> due to the use of `kmalloc_array()`
>> [1] https://lkml.org/lkml/2018/3/7/621
>> Signed-off-by: Tobin C. Harding <m...@tobin.cc>
> Thanks, queued for 3.18!

Time travel! ;)


Kees Cook
Pixel Security

Reply via email to