From patchwork Thu Apr 19 10:04:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Gleixner X-Patchwork-Id: 10349497 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9A83C6023A for ; Thu, 19 Apr 2018 10:12:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B82B284F4 for ; Thu, 19 Apr 2018 10:12:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 800B1285E5; Thu, 19 Apr 2018 10:12:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 5265A284F4 for ; Thu, 19 Apr 2018 10:12:15 +0000 (UTC) Received: (qmail 15964 invoked by uid 550); 19 Apr 2018 10:10:32 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 15750 invoked from network); 19 Apr 2018 10:10:23 -0000 Message-Id: <20180419100935.424056863@linutronix.de> User-Agent: quilt/0.63-1 Date: Thu, 19 Apr 2018 12:04:49 +0200 From: Thomas Gleixner To: LKML Cc: Kees Cook , Segher Boessenkool , Kernel Hardening , Andrew Morton , Boris Brezillon , Richard Weinberger , David Woodhouse , Alasdair Kergon , Mike Snitzer , Anton Vorontsov , Colin Cross , Tony Luck Subject: [patch V2 8/8] rslib: Allocate decoder buffers to avoid VLAs References: <20180419100441.548834519@linutronix.de> MIME-Version: 1.0 Content-Disposition: inline; filename=rslib--Allocate_decoder_buffers_to_avoid_VLAs.patch X-Virus-Scanned: ClamAV using ClamSMTP From: Thomas Gleixner To get rid of the variable length arrays on stack in the RS decoder it's necessary to allocate the decoder buffers per control structure instance. All usage sites have been checked for potential parallel decoder usage and fixed where necessary. Kees confirmed that the pstore decoding is strictly single threaded so there should be no surprises. Allocate them in the rs control structure sized depending on the number of roots for the chosen codec and adapt the decoder code to make use of them. Document the fact that decode operations based on a particular rs control instance cannot run in parallel and the caller has to ensure that as it's not possible to provide a proper locking construct which fits all use cases. Signed-off-by: Thomas Gleixner Acked-by: Kees Cook Cc: Boris Brezillon Cc: Tony Luck Cc: Segher Boessenkool Cc: Kernel Hardening Cc: Richard Weinberger Cc: Mike Snitzer Cc: Anton Vorontsov Cc: Colin Cross Cc: Andrew Morton Cc: David Woodhouse Cc: Alasdair Kergon --- include/linux/rslib.h | 1 + lib/reed_solomon/decode_rs.c | 20 +++++++++++++------- lib/reed_solomon/reed_solomon.c | 31 ++++++++++++++++++++++++++++++- 3 files changed, 44 insertions(+), 8 deletions(-) --- a/include/linux/rslib.h +++ b/include/linux/rslib.h @@ -51,6 +51,7 @@ struct rs_codec { */ struct rs_control { struct rs_codec *codec; + uint16_t buffers[0]; }; /* General purpose RS codec, 8-bit data width, symbol width 1-15 bit */ --- a/lib/reed_solomon/decode_rs.c +++ b/lib/reed_solomon/decode_rs.c @@ -21,16 +21,22 @@ uint16_t *alpha_to = rs->alpha_to; uint16_t *index_of = rs->index_of; uint16_t u, q, tmp, num1, num2, den, discr_r, syn_error; - /* Err+Eras Locator poly and syndrome poly The maximum value - * of nroots is 8. So the necessary stack size will be about - * 220 bytes max. - */ - uint16_t lambda[nroots + 1], syn[nroots]; - uint16_t b[nroots + 1], t[nroots + 1], omega[nroots + 1]; - uint16_t root[nroots], reg[nroots + 1], loc[nroots]; int count = 0; uint16_t msk = (uint16_t) rs->nn; + /* + * The decoder buffers are in the rs control struct. They are + * arrays sized [nroots + 1] + */ + uint16_t *lambda = rsc->buffers + RS_DECODE_LAMBDA * (nroots + 1); + uint16_t *syn = rsc->buffers + RS_DECODE_SYN * (nroots + 1); + uint16_t *b = rsc->buffers + RS_DECODE_B * (nroots + 1); + uint16_t *t = rsc->buffers + RS_DECODE_T * (nroots + 1); + uint16_t *omega = rsc->buffers + RS_DECODE_OMEGA * (nroots + 1); + uint16_t *root = rsc->buffers + RS_DECODE_ROOT * (nroots + 1); + uint16_t *reg = rsc->buffers + RS_DECODE_REG * (nroots + 1); + uint16_t *loc = rsc->buffers + RS_DECODE_LOC * (nroots + 1); + /* Check length parameter for validity */ pad = nn - nroots - len; BUG_ON(pad < 0 || pad >= nn); --- a/lib/reed_solomon/reed_solomon.c +++ b/lib/reed_solomon/reed_solomon.c @@ -37,6 +37,18 @@ #include #include +enum { + RS_DECODE_LAMBDA, + RS_DECODE_SYN, + RS_DECODE_B, + RS_DECODE_T, + RS_DECODE_OMEGA, + RS_DECODE_ROOT, + RS_DECODE_REG, + RS_DECODE_LOC, + RS_DECODE_NUM_BUFFERS +}; + /* This list holds all currently allocated rs codec structures */ static LIST_HEAD(codec_list); /* Protection for the list */ @@ -205,6 +217,7 @@ static struct rs_control *init_rs_intern { struct list_head *tmp; struct rs_control *rs; + unsigned int bsize; /* Sanity checks */ if (symsize < 1) @@ -216,7 +229,13 @@ static struct rs_control *init_rs_intern if (nroots < 0 || nroots >= (1< 8. The calling code must take care of decoding of the * syndrome result and the received parity before calling this code. + * + * Note: The rs_control struct @rsc contains buffers which are used for + * decoding, so the caller has to ensure that decoder invocations are + * serialized. + * * Returns the number of corrected bits or -EBADMSG for uncorrectable errors. */ int decode_rs8(struct rs_control *rsc, uint8_t *data, uint16_t *par, int len, @@ -371,6 +395,11 @@ EXPORT_SYMBOL_GPL(encode_rs16); * @corr: buffer to store correction bitmask on eras_pos * * Each field in the data array contains up to symbol size bits of valid data. + * + * Note: The rc_control struct @rsc contains buffers which are used for + * decoding, so the caller has to ensure that decoder invocations are + * serialized. + * * Returns the number of corrected bits or -EBADMSG for uncorrectable errors. */ int decode_rs16(struct rs_control *rsc, uint16_t *data, uint16_t *par, int len,