From patchwork Sat Mar 10 22:34:50 2018
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10274447
Date: Sat, 10 Mar 2018 14:34:50 -0800
From: Kees Cook
To: Thomas Gleixner
Cc: linux-kernel@vger.kernel.org, Segher Boessenkool, kernel-hardening@lists.openwall.com
Subject: [PATCH] rslib: Remove VLAs by setting upper bound on nroots
Message-ID: <20180310223450.GA37999@beast>

Avoid stack VLAs[1] by always allocating the upper bound of stack space needed. The existing users of rslib appear to max out at 24 roots[2], so use that as the upper bound until we have a reason to change it.

Alternative considered: make init_rs() a true caller-instance and pre-allocate the workspaces. This would possibly need locking and a refactoring of the returned structure. Using kmalloc in this path doesn't look great, especially since at least one caller (pstore) is sensitive to allocations during rslib usage (it expects to run it during an Oops, for example).

[1] https://lkml.org/lkml/2018/3/7/621
[2] https://lkml.org/lkml/2018/3/9/838

Signed-off-by: Kees Cook Reviewed-by: Thomas Gleixner --- lib/reed_solomon/decode_rs.c | 7 ++++--- lib/reed_solomon/reed_solomon.c | 5 ++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/reed_solomon/decode_rs.c b/lib/reed_solomon/decode_rs.c index 0ec3f257ffdf..3e3becb836a6 100644 --- a/lib/reed_solomon/decode_rs.c +++ b/lib/reed_solomon/decode_rs.c @@ -31,9 +31,10 @@ * of nroots is 8. So the necessary stack size will be about * 220 bytes max. */ - uint16_t lambda[nroots + 1], syn[nroots]; - uint16_t b[nroots + 1], t[nroots + 1], omega[nroots + 1]; - uint16_t root[nroots], reg[nroots + 1], loc[nroots]; + uint16_t lambda[RS_MAX_ROOTS + 1], syn[RS_MAX_ROOTS]; + uint16_t b[RS_MAX_ROOTS + 1], t[RS_MAX_ROOTS + 1]; + uint16_t omega[RS_MAX_ROOTS + 1], root[RS_MAX_ROOTS]; + uint16_t reg[RS_MAX_ROOTS + 1], loc[RS_MAX_ROOTS]; int count = 0; uint16_t msk = (uint16_t) rs->nn; diff --git a/lib/reed_solomon/reed_solomon.c b/lib/reed_solomon/reed_solomon.c index 06d04cfa9339..3e218e70ac2e 100644 --- a/lib/reed_solomon/reed_solomon.c +++ b/lib/reed_solomon/reed_solomon.c @@ -51,6 +51,9 @@ static LIST_HEAD (rslist); /* Protection for the list */ static DEFINE_MUTEX(rslistlock); +/* Ultimately controls the upper bounds of the on-stack buffers. */ +#define RS_MAX_ROOTS 24 + /** * rs_init - Initialize a Reed-Solomon codec * @symsize: symbol size, bits (1-8) @@ -210,7 +213,7 @@ static struct rs_control *init_rs_internal(int symsize, int gfpoly, return NULL; if (prim <= 0 || prim >= (1<= (1<= (1< RS_MAX_ROOTS) return NULL; mutex_lock(&rslistlock);
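Review bot: In the lib/reed_solomon/decode_rs.c hunk, the comment kept as context directly above the arrays still reads "nroots is 8" and "220 bytes max", which no longer describes the frame once every array is sized by RS_MAX_ROOTS. With RS_MAX_ROOTS at 24, the five arrays of RS_MAX_ROOTS + 1 entries and the three of RS_MAX_ROOTS entries come to 197 uint16_t values, or 394 bytes, on every call regardless of the codec's nroots. Please update the comment to give the fixed size and to say that it scales with RS_MAX_ROOTS, so whoever raises the bound later sees the stack cost.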
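Review bot: The comment on the new RS_MAX_ROOTS define in lib/reed_solomon/reed_solomon.c does not record where 24 comes from or which buffers it sizes. The commit message says the existing rslib users max out at 24 roots; that rationale belongs in the comment, along with a pointer to the arrays in decode_rs.c. Since the macro lives in the .c file, a caller has no way to see the limit before calling in; consider placing it in a header that callers include.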
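Review bot: In the init_rs_internal() hunk, the added RS_MAX_ROOTS test fails with the same bare "return NULL;" as the neighbouring parameter checks, so a future caller that needs more roots cannot tell this implementation limit from any other rejected argument. Please mention the limit in the rs_init kernel-doc and consider a one-time warning on this path, because this bound comes from the on-stack buffer size rather than from the code parameters themselves.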