Re: [PATCH v2] rslib: Remove VLAs by setting upper bound on nroots

From: Kees Cook
Date: Mon Mar 26 2018 - 19:18:04 EST

Next message: Matthew Wilcox: "Re: [PATCH v9 00/61] XArray v9"
Previous message: Kees Cook: "Re: [PATCH] ftrace: drop a VLA in module_exists()"
Next in thread: Andrew Morton: "Re: [PATCH v2] rslib: Remove VLAs by setting upper bound on nroots"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 16, 2018 at 11:25 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Fri, Mar 16, 2018 at 3:59 PM, Andrew Morton
> <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>> On Thu, 15 Mar 2018 15:59:19 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>>> Avoid stack VLAs[1] by always allocating the upper bound of stack space
>>> needed. The existing users of rslib appear to max out at 24 roots[2],
>>> so use that as the upper bound until we have a reason to change it.
>>>
>>> Alternative considered: make init_rs() a true caller-instance and
>>> pre-allocate the workspaces. This would possibly need locking and
>>> a refactoring of the returned structure.
>>>
>>> Using kmalloc in this path doesn't look great, especially since at
>>> least one caller (pstore) is sensitive to allocations during rslib
>>> usage (it expects to run it during an Oops, for example).
>>
>> Oh.
>>
>> Could we allocate the storage during init_rs(), attach it to `struct
>> rs_control'?
>
> No, because they're modified during decode, and struct rs_control is
> shared between users. :(
>
> Doing those changes is possible, but it requires a rather extensive
> analysis of callers, etc.
>
> Hence, the 24 ultimately.

Can this land in -mm, or does this need further discussion?

-Kees

--
Kees Cook
Pixel Security

Next message: Matthew Wilcox: "Re: [PATCH v9 00/61] XArray v9"
Previous message: Kees Cook: "Re: [PATCH] ftrace: drop a VLA in module_exists()"
Next in thread: Andrew Morton: "Re: [PATCH v2] rslib: Remove VLAs by setting upper bound on nroots"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]