From patchwork Wed Mar 7 23:40:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 10265637 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AE08B602C8 for ; Wed, 7 Mar 2018 23:40:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A0A5C292FC for ; Wed, 7 Mar 2018 23:40:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 948F8295E8; Wed, 7 Mar 2018 23:40:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 9939B292FC for ; Wed, 7 Mar 2018 23:40:35 +0000 (UTC) Received: (qmail 22005 invoked by uid 550); 7 Mar 2018 23:40:34 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 21966 invoked from network); 7 Mar 2018 23:40:33 -0000 Date: Wed, 7 Mar 2018 15:40:19 -0800 From: Andrew Morton To: Kees Cook Cc: "Tobin C. Harding" , Jonathan Corbet , Pantelis Antoniou , "Steven Rostedt (VMware)" , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org, "Gustavo A. R. Silva" Subject: Re: [PATCH] vsprintf: Remove accidental VLA usage Message-Id: <20180307154019.e39890b5f8aa98cf25532cf1@linux-foundation.org> In-Reply-To: <20180307230714.GA20797@beast> References: <20180307230714.GA20797@beast> X-Mailer: Sylpheed 3.6.0 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP On Wed, 7 Mar 2018 15:07:14 -0800 Kees Cook wrote: > The "sym" calculation is actually a fixed size, but since the max() > macro uses some extensive tricks for safety, it ends up looking like a > variable size. This replaces max() with a simple max macro which is > sufficient for the calculation of the array size. > > Seen with -Wvla. Fixed as part of the directive to remove all VLAs from > the kernel: https://lkml.org/lkml/2018/3/7/621 > > ... > > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -744,8 +744,9 @@ char *resource_string(char *buf, char *end, struct resource *res, > #define FLAG_BUF_SIZE (2 * sizeof(res->flags)) > #define DECODED_BUF_SIZE sizeof("[mem - 64bit pref window disabled]") > #define RAW_BUF_SIZE sizeof("[mem - flags 0x]") > - char sym[max(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE, > - 2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)]; > +#define SIMPLE_MAX(x, y) ((x) > (y) ? (x) : (y)) > + char sym[SIMPLE_MAX(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE, > + 2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)]; > > char *p = sym, *pend = sym + sizeof(sym); > int decode = (fmt[0] == 'R') ? 1 : 0; A year from now I'll be receiving an email titled [patch] lib/vsprintf.c: use standard max() macro won't I? --- a/lib/vsprintf.c~vsprintf-remove-accidental-vla-usage-fix +++ a/lib/vsprintf.c @@ -754,6 +754,7 @@ char *resource_string(char *buf, char *e #define FLAG_BUF_SIZE (2 * sizeof(res->flags)) #define DECODED_BUF_SIZE sizeof("[mem - 64bit pref window disabled]") #define RAW_BUF_SIZE sizeof("[mem - flags 0x]") +/* regular max() tricks gcc into creating a variable length array */ #define SIMPLE_MAX(x, y) ((x) > (y) ? (x) : (y)) char sym[SIMPLE_MAX(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE, 2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)];