Re: [PATCH] mmc: pwrseq: Use kmalloc_array instead of stack VLA
From: Kees Cook
Date: Wed Apr 04 2018 - 12:23:15 EST
On Wed, Apr 4, 2018 at 5:45 AM, Ulf Hansson <ulf.hansson@xxxxxxxxxx> wrote:
> On 26 March 2018 at 08:33, Tobin C. Harding <me@xxxxxxxx> wrote:
>> The use of stack Variable Length Arrays needs to be avoided, as they
>> can be a vector for stack exhaustion, which can be both a runtime bug
>> (kernel Oops) or a security flaw (overwriting memory beyond the
>> stack). Also, in general, as code evolves it is easy to lose track of
>> how big a VLA can get. Thus, we can end up having runtime failures
>> that are hard to debug. As part of the directive[1] to remove all VLAs
>> from the kernel, and build with -Wvla.
>>
>> Currently driver is using a VLA declared using the number of descriptors. This
>> array is used to store integer values and is later used as an argument to
>> `gpiod_set_array_value_cansleep()` This can be avoided by using
>> `kmalloc_array()` to allocate memory for the array of integer values. Memory is
>> free'd before return from function.
>>
>> From the code it appears that it is safe to sleep so we can use GFP_KERNEL
>> (based _cansleep() suffix of function `gpiod_set_array_value_cansleep()`.
>>
>> It can be expected that this patch will result in a small increase in overhead
>> due to the use of `kmalloc_array()`
>>
>> [1] https://lkml.org/lkml/2018/3/7/621
>>
>> Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
>
> Thanks, queued for 3.18!
Time travel! ;)
-Kees
--
Kees Cook
Pixel Security