From patchwork Wed Mar  7 05:27:30 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tobin Harding <me@tobin.cc>
X-Patchwork-Id: 10263383
Return-Path: 
 <kernel-hardening-return-12181-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D24DC60247 for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Mar 2018 05:28:21 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3587292C8
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Mar 2018 05:28:21 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id B801E292FA; Wed,  7 Mar 2018 05:28:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id CC650292C8
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed,  7 Mar 2018 05:28:20 +0000 (UTC)
Received: (qmail 1576 invoked by uid 550); 7 Mar 2018 05:28:00 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 1537 invoked from network); 7 Mar 2018 05:27:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobin.cc; h=cc
	:date:from:in-reply-to:message-id:references:subject:to
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Qwsx4JCQj6ruQY03g
	zAe6W/u3GxZxQeS0KQvicpQeFg=; b=q6J2ujvxQI0tsL7BvMApUokmlUSuNKdg8
	a8sxsPl0ykeRt7iwSMA9wySy8SOGpBH66Y33/cESJ53KG1xZwnOxjYzIHhFFfzrG
	WMAjR9aFxbJnJi1sLeKf+PI8whyclyr0M7Q4njrgSWT1i4L/6GVHhKhe+wwZZIje
	tkA0VxC+qJBEiLCxPFHXWiDB8/Knc1MdtKNoI0IsAxlu2qN53AbFHUlBZbxLLtG4
	B3QpwaJ6Nl7nPk/ra43OTBtQQXgWNvDZ8qsx7DcTpLGPPUJEnOhWyrLuHiSVEBlV
	gFZlxTrjM4b+CVs9hlbpE/q5sRstI141I706j5P/m0i31fBWYNkGw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:date:from:in-reply-to:message-id
	:references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm2; bh=Qwsx4JCQj6ruQY03gzAe6W/u3GxZxQeS0KQvicpQeFg=; b=NZgzIAyZ
	ThadJeIH9ZL5z/kp4PToIdQ0/We7XC2H2F0lXCPwKPMBlohmc4ACt7ZZ0BSPA/PZ
	WfogMaGzalncOUg9zmD8EjkISbNC1b3oLbJ1IL9hNyODfXjsYsqos4QQaVyD8hiE
	U5wnioEiG6qUDNGftMp8O9MNRS3rOAQx2W4UU0ryk9qzTZiqUMuNhWfC2KBi3c68
	Uy+HjPdZ0cIUfS4xnktx0l+I03EnLXb4jI3bK0rnkSOdDRoHNFufxkzCYbGKuAJL
	kiccOW0fp8ZcnLyO5XHpRcYewzFtxQBSlD7/4+rusUEkYf68AniqHeikPS7GVCF1
	WWHDiec2E/figg==
X-ME-Sender: <xms:VHifWgbdslZYaGGf7dP6qCFDLxG3so__rYhZSIIwFhWjZG-lYmJCFQ>
From: "Tobin C. Harding" <me@tobin.cc>
To: Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Tycho Andersen <tycho@tycho.ws>
Cc: "Tobin C. Harding" <me@tobin.cc>, Kees Cook <keescook@chromium.org>,
	Oleg Drokin <oleg.drokin@intel.com>,
	Andreas Dilger <andreas.dilger@intel.com>,
	James Simmons <jsimmons@infradead.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [PATCH 1/2] vla: define new safe vla macros
Date: Wed,  7 Mar 2018 16:27:30 +1100
Message-Id: <1520400451-11475-2-git-send-email-me@tobin.cc>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1520400451-11475-1-git-send-email-me@tobin.cc>
References: <1520400451-11475-1-git-send-email-me@tobin.cc>
X-Virus-Scanned: ClamAV using ClamSMTP

We would like to get rid of VLAs all together but in the mean time we
can make their usage safer.

Define a macro to use for declaring a VLA.  Macro includes requested
'size' and 'max' allowed.  Macro allocates storage for an array
equivalent to

	int array[min(size, max)];

We also define a macro to check whether maximum size was reached.

Signed-off-by: Tobin C. Harding <me@tobin.cc>
---
 include/linux/vla.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 include/linux/vla.h

diff --git a/include/linux/vla.h b/include/linux/vla.h
new file mode 100644
index 000000000000..ca0510d5e416
--- /dev/null
+++ b/include/linux/vla.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_VLA_H
+#define _LINUX_VLA_H
+
+#define VLA_DEFAULT_MAX 256
+
+/* evaluates 'size' and 'max' twice */
+#define VLA_SAFE(type, vla, size, max) type vla[(size) < (max) ? (size) : (max)]
+
+#define VLA_WARN_OVERSIZE(vla, size)				\
+do {								\
+	WARN(sizeof(vla) < size, "vla maximum exceeded\n");	\
+} while (0)
+
+#endif	/* _LINUX_VLA_H */