From: Kees Cook
Date: Wed, 23 May 2018 17:47:24 -0700
Subject: Re: [PATCH v2] drm/nouveau/secboot: remove VLA usage
To: Ben Skeggs
Cc: Ben Skeggs, Daniel Vetter, Thierry Reding, "Gustavo A. R. Silva", David Airlie, nouveau, LKML, Maling list - DRI developers, David Laight
References: <20180313162411.GA1983@embeddedgus> <20180314110834.GB8564@ulmo>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 23, 2018 at 5:36 PM, Ben Skeggs wrote:
> On Thu, May 24, 2018 at 8:48 AM, Kees Cook wrote:
>> On Thu, Apr 26, 2018 at 4:25 PM, Kees Cook wrote:
>>> On Thu, Mar 15, 2018 at 7:05 PM, Ben Skeggs wrote:
>>>> On 14 March 2018 at 21:08, Thierry Reding wrote:
>>>>> On Tue, Mar 13, 2018 at 11:24:11AM -0500, Gustavo A. R. Silva wrote:
>>>>>> In preparation to enabling -Wvla, remove VLA. In this particular
>>>>>> case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local
>>>>>> variable cmdline_size. Also, remove cmdline_size as it is not
>>>>>> actually useful anymore.
>>>>>>
>>>>>> The use of stack Variable Length Arrays needs to be avoided, as they
>>>>>> can be a vector for stack exhaustion, which can be both a runtime bug
>>>>>> or a security flaw. Also, in general, as code evolves it is easy to
>>>>>> lose track of how big a VLA can get. Thus, we can end up having runtime
>>>>>> failures that are hard to debug.
>>>>>>
>>>>>> Also, fixed as part of the directive to remove all VLAs from
>>>>>> the kernel: https://lkml.org/lkml/2018/3/7/621
>>>>>>
>>>>>> Signed-off-by: Gustavo A. R. Silva
>>>>>> ---
>>>>>> Changes in v2:
>>>>>> - Use sizeof(buf) instead of NVKM_MSGQUEUE_CMDLINE_SIZE. This change
>>>>>> is based on the feedback provided by David Laight. Thanks David.
>>>>>>
>>>>>> drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c | 7 +++----
>>>>>> 1 file changed, 3 insertions(+), 4 deletions(-)
>>>>>
>>>>> Reviewed-by: Thierry Reding
>>>> Thanks everyone. I've taken the patch in my tree.
>>>
>>> Hi!
>>>
>>> Just checking in on this -- I don't see this patch in linux-next. Is
>>> this queued somewhere else?
>>
>> Hi, it's been another month; I still don't see this in linux-next.
>> Daniel, can this go via drm-misc?
> It's already queued in drm-next.

Ah-ha, great, thanks! Looks like I just got unlucky with linux-next
pausing on the 17th and this getting committed on the 18th. :)

But, yes, I see it now:

https://cgit.freedesktop.org/drm/drm/commit/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c?id=7bf5b70befd7817b9e42acbd2291b2042ea1bf81

-Kees

-- 
Kees Cook
Pixel Security
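The pattern the quoted commit message describes (a stack array sized by a local variable replaced by a constant-size array, with `sizeof(buf)` used for every length), as an added illustration that is not code from the patch or from the nouveau driver. `EXAMPLE_CMDLINE_SIZE`, its value, `struct example_args` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a fixed command-line size macro (constructed value). */
#define EXAMPLE_CMDLINE_SIZE 0x100

struct example_args {           /* hypothetical argument block */
    uint32_t secure_mode;
    uint32_t flags;
};

/* Byte sum, used only so the result of filling the buffer is observable. */
static uint32_t byte_sum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += p[i];
    return sum;
}

#ifdef SHOW_VLA_BEFORE
/* Before: a local variable as the array length makes buf a VLA in C, even
 * though the value never changes; building with -Wvla flags the declaration. */
static uint32_t fill_cmdline_vla(const struct example_args *args)
{
    const size_t cmdline_size = EXAMPLE_CMDLINE_SIZE;
    uint8_t buf[cmdline_size];
    memset(buf, 0, cmdline_size);
    memcpy(buf, args, sizeof(*args));
    return byte_sum(buf, cmdline_size);
}
#endif

/* After: constant-size array. The build-time check proves the copy fits, and
 * every length is sizeof(buf), so the bounds follow the declaration. */
_Static_assert(sizeof(struct example_args) <= EXAMPLE_CMDLINE_SIZE, "args must fit");
static uint32_t fill_cmdline_fixed(const struct example_args *args)
{
    uint8_t buf[EXAMPLE_CMDLINE_SIZE];
    memset(buf, 0, sizeof(buf));
    memcpy(buf, args, sizeof(*args));
    return byte_sum(buf, sizeof(buf));
}

int main(void)
{
    struct example_args args = { .secure_mode = 1, .flags = 2 };
    return fill_cmdline_fixed(&args) == 3 ? 0 : 1;  /* bytes 1 and 2 sum to 3 */
}
```

Building with `-DSHOW_VLA_BEFORE -Wvla` compiles the "before" form as well and shows the compiler warning on its array declaration.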