From: Kees Cook
Date: Wed, 23 May 2018 15:48:12 -0700
Subject: Re: [PATCH v2] drm/nouveau/secboot: remove VLA usage
To: Ben Skeggs, Daniel Vetter
Cc: Thierry Reding, "Gustavo A. R. Silva", David Airlie, nouveau@lists.freedesktop.org, LKML, Maling list - DRI developers, David Laight, Ben Skeggs
References: <20180313162411.GA1983@embeddedgus> <20180314110834.GB8564@ulmo>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 26, 2018 at 4:25 PM, Kees Cook wrote:
> On Thu, Mar 15, 2018 at 7:05 PM, Ben Skeggs wrote:
>> On 14 March 2018 at 21:08, Thierry Reding wrote:
>>> On Tue, Mar 13, 2018 at 11:24:11AM -0500, Gustavo A. R. Silva wrote:
>>>> In preparation to enabling -Wvla, remove VLA. In this particular
>>>> case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local
>>>> variable cmdline_size. Also, remove cmdline_size as it is not
>>>> actually useful anymore.
>>>>
>>>> The use of stack Variable Length Arrays needs to be avoided, as they
>>>> can be a vector for stack exhaustion, which can be both a runtime bug
>>>> or a security flaw. Also, in general, as code evolves it is easy to
>>>> lose track of how big a VLA can get. Thus, we can end up having runtime
>>>> failures that are hard to debug.
>>>>
>>>> Also, fixed as part of the directive to remove all VLAs from
>>>> the kernel: https://lkml.org/lkml/2018/3/7/621
>>>>
>>>> Signed-off-by: Gustavo A. R. Silva
>>>> ---
>>>> Changes in v2:
>>>> - Use sizeof(buf) instead of NVKM_MSGQUEUE_CMDLINE_SIZE. This change
>>>> is based on the feedback provided by David Laight. Thanks David.
>>>>
>>>> drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c | 7 +++----
>>>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>>
>>> Reviewed-by: Thierry Reding
>> Thanks everyone. I've taken the patch in my tree.
>
> Hi!
>
> Just checking in on this -- I don't see this patch in linux-next. Is
> this queued somewhere else?

Hi, it's been another month; I still don't see this in linux-next.
Daniel, can this go via drm-misc?

-Kees

--
Kees Cook
Pixel Security
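
The VLA-removal pattern the quoted commit message describes, as an added example (not code from the patch or the nouveau driver): a constant-size stack buffer with every length taken from `sizeof(buf)`. `CMDLINE_SIZE`, `STACK_BUDGET`, `struct fw_image` and `fw_write_cmdline` are hypothetical names and values; the real value of NVKM_MSGQUEUE_CMDLINE_SIZE is not shown on the page.

```c
#include <stddef.h>
#include <string.h>

/* Assumed stand-in for NVKM_MSGQUEUE_CMDLINE_SIZE (real value not on the page). */
#define CMDLINE_SIZE 256
/* Assumed per-function stack budget, for illustration only. */
#define STACK_BUDGET 1024

/*
 * With a constant size, worst-case stack use is checkable at build time.
 * A VLA such as `char buf[cmdline_size];` allows no such check.
 */
_Static_assert(CMDLINE_SIZE <= STACK_BUDGET,
               "cmdline buffer exceeds stack budget");

/* Hypothetical destination: an image with a command-line slot. */
struct fw_image {
    unsigned char data[1024];
    size_t cmdline_off;
};

/*
 * Build the command line in a fixed-size stack buffer and copy it
 * into the image. Returns 0 on success, -1 if the arguments or the
 * slot do not fit.
 */
int fw_write_cmdline(struct fw_image *img, const char *args)
{
    char buf[CMDLINE_SIZE];     /* was: char buf[cmdline_size]; (VLA) */
    size_t len = strlen(args);

    /* Every bound derives from sizeof(buf), so it tracks the declaration. */
    if (len >= sizeof(buf))
        return -1;
    if (img->cmdline_off > sizeof(img->data) - sizeof(buf))
        return -1;

    memset(buf, 0, sizeof(buf));
    memcpy(buf, args, len);
    memcpy(img->data + img->cmdline_off, buf, sizeof(buf));
    return 0;
}
```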