From patchwork Thu Mar 15 19:47:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10285707 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 173B660291 for ; Thu, 15 Mar 2018 19:48:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C15C28B60 for ; Thu, 15 Mar 2018 19:48:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0090328C1A; Thu, 15 Mar 2018 19:48:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48ED028B60 for ; Thu, 15 Mar 2018 19:48:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932397AbeCOTso (ORCPT ); Thu, 15 Mar 2018 15:48:44 -0400 Received: from mail-pl0-f67.google.com ([209.85.160.67]:46356 "EHLO mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752011AbeCOTry (ORCPT ); Thu, 15 Mar 2018 15:47:54 -0400 Received: by mail-pl0-f67.google.com with SMTP id f5-v6so4396765plj.13 for ; Thu, 15 Mar 2018 12:47:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=EW+e1W8pvRgjTePfgizezvzi9dI4+U5AdXRYyQsIL90=; b=f+Nba7Y1wjBtaEcKzSLCNCB3Fd3u6VA+F2HTm7xwTn42l4xU/WD97CtWp7nuIru0K6 AWehA+s11FYylIbSUS5ivFe09bgAXR4KyKeZbVEUgjte2KzIy5L1mFupkbMn90ismX5E FqZDxXcVwIUASzYso/YhvO5FIb4mqA+25/hdg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=EW+e1W8pvRgjTePfgizezvzi9dI4+U5AdXRYyQsIL90=; b=LUn8STNHyuKyfet0Bwk0S79Hm6uPt5CVGVARMF+9kRsYxcQ5ngnkejMuzb2/kESgTw R21GgY9y8Oz1k1JjuicWnBTxzrE4o8hdOQTucREJ8tifcIxex2nWZVBnIxK1R2L7tPQ1 qHPu/PpKrZljYsbFtP0izOjKSdCNpciC9hGoGj3hvn5AB+0wMCCiLzRF3BwNHMkLGeK/ f+vFacQM/2S+nWVb5l0q+glPG6uAHUuNtCVYqYTCHYWuMTqotcdrnROHtQ2NCq6rImm/ w2iq6h8Zz8wq/Lsee0kDyb9j4GfZkoFJOCsB+wBHGYJPiqWlIw244kHMYQhjlVxY5cJv HEzA== X-Gm-Message-State: AElRT7EEuG/mFpIjsfV6ZTtPJPtocTi/TSohuG+600dJljeyHCLrfwBy HONgCEoRf2B/0lyFw0+4GmF0VQ== X-Google-Smtp-Source: AG47ELuLf6Tq9GsbmolzaqalmJOuNV7b0nBwQl1r9TIlj0cTFbGmEO1M2fKq5axDD6s+MACii+SqAQ== X-Received: by 2002:a17:902:7d17:: with SMTP id z23-v6mr9530686pll.237.1521143273928; Thu, 15 Mar 2018 12:47:53 -0700 (PDT) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id r1sm9441517pgq.41.2018.03.15.12.47.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Mar 2018 12:47:51 -0700 (PDT) From: Kees Cook To: Andrew Morton Cc: Kees Cook , Linus Torvalds , Josh Poimboeuf , Rasmus Villemoes , Randy Dunlap , Miguel Ojeda , Ingo Molnar , David Laight , Ian Abbott , linux-input@vger.kernel.org, linux-btrfs@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH v4 2/2] Remove false-positive VLAs when using max() Date: Thu, 15 Mar 2018 12:47:46 -0700 Message-Id: <1521143266-31350-3-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1521143266-31350-1-git-send-email-keescook@chromium.org> References: <1521143266-31350-1-git-send-email-keescook@chromium.org> Sender: linux-input-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-input@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP As part of removing VLAs from the kernel[1], we want to build with -Wvla, but it is overly pessimistic and only accepts constant expressions for stack array sizes, instead of also constant values. The max() macro triggers the warning, so this refactors these uses of max() to use the new const_max() instead. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kees Cook Reviewed-by: Nikolay Borisov --- drivers/input/touchscreen/cyttsp4_core.c | 2 +- fs/btrfs/tree-checker.c | 3 ++- lib/vsprintf.c | 4 ++-- net/ipv4/proc.c | 8 ++++---- net/ipv6/proc.c | 10 ++++------ 5 files changed, 13 insertions(+), 14 deletions(-) diff --git a/drivers/input/touchscreen/cyttsp4_core.c b/drivers/input/touchscreen/cyttsp4_core.c index 727c3232517c..f89497940051 100644 --- a/drivers/input/touchscreen/cyttsp4_core.c +++ b/drivers/input/touchscreen/cyttsp4_core.c @@ -868,7 +868,7 @@ static void cyttsp4_get_mt_touches(struct cyttsp4_mt_data *md, int num_cur_tch) struct cyttsp4_touch tch; int sig; int i, j, t = 0; - int ids[max(CY_TMA1036_MAX_TCH, CY_TMA4XX_MAX_TCH)]; + int ids[const_max(CY_TMA1036_MAX_TCH, CY_TMA4XX_MAX_TCH)]; memset(ids, 0, si->si_ofs.tch_abs[CY_TCH_T].max * sizeof(int)); for (i = 0; i < num_cur_tch; i++) { diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index c3c8d48f6618..1ddd6cc3c4fc 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -341,7 +341,8 @@ static int check_dir_item(struct btrfs_root *root, */ if (key->type == BTRFS_DIR_ITEM_KEY || key->type == BTRFS_XATTR_ITEM_KEY) { - char namebuf[max(BTRFS_NAME_LEN, XATTR_NAME_MAX)]; + char namebuf[const_max(BTRFS_NAME_LEN, + XATTR_NAME_MAX)]; read_extent_buffer(leaf, namebuf, (unsigned long)(di + 1), name_len); diff --git a/lib/vsprintf.c b/lib/vsprintf.c index d7a708f82559..9d5610b643ce 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -744,8 +744,8 @@ char *resource_string(char *buf, char *end, struct resource *res, #define FLAG_BUF_SIZE (2 * sizeof(res->flags)) #define DECODED_BUF_SIZE sizeof("[mem - 64bit pref window disabled]") #define RAW_BUF_SIZE sizeof("[mem - flags 0x]") - char sym[max(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE, - 2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)]; + char sym[const_max(2*RSRC_BUF_SIZE + DECODED_BUF_SIZE, + 2*RSRC_BUF_SIZE + FLAG_BUF_SIZE + RAW_BUF_SIZE)]; char *p = sym, *pend = sym + sizeof(sym); int decode = (fmt[0] == 'R') ? 1 : 0; diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index dc5edc8f7564..fad6f989004e 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c @@ -46,7 +46,7 @@ #include #include -#define TCPUDP_MIB_MAX max_t(u32, UDP_MIB_MAX, TCP_MIB_MAX) +#define TCPUDP_MIB_MAX const_max(UDP_MIB_MAX, TCP_MIB_MAX) /* * Report socket allocation statistics [mea@utu.fi] @@ -404,7 +404,7 @@ static int snmp_seq_show_tcp_udp(struct seq_file *seq, void *v) struct net *net = seq->private; int i; - memset(buff, 0, TCPUDP_MIB_MAX * sizeof(unsigned long)); + memset(buff, 0, sizeof(buff)); seq_puts(seq, "\nTcp:"); for (i = 0; snmp4_tcp_list[i].name; i++) @@ -421,7 +421,7 @@ static int snmp_seq_show_tcp_udp(struct seq_file *seq, void *v) seq_printf(seq, " %lu", buff[i]); } - memset(buff, 0, TCPUDP_MIB_MAX * sizeof(unsigned long)); + memset(buff, 0, sizeof(buff)); snmp_get_cpu_field_batch(buff, snmp4_udp_list, net->mib.udp_statistics); @@ -432,7 +432,7 @@ static int snmp_seq_show_tcp_udp(struct seq_file *seq, void *v) for (i = 0; snmp4_udp_list[i].name; i++) seq_printf(seq, " %lu", buff[i]); - memset(buff, 0, TCPUDP_MIB_MAX * sizeof(unsigned long)); + memset(buff, 0, sizeof(buff)); /* the UDP and UDP-Lite MIBs are the same */ seq_puts(seq, "\nUdpLite:"); diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c index b67814242f78..58bbfc4fa7fa 100644 --- a/net/ipv6/proc.c +++ b/net/ipv6/proc.c @@ -30,10 +30,8 @@ #include #include -#define MAX4(a, b, c, d) \ - max_t(u32, max_t(u32, a, b), max_t(u32, c, d)) -#define SNMP_MIB_MAX MAX4(UDP_MIB_MAX, TCP_MIB_MAX, \ - IPSTATS_MIB_MAX, ICMP_MIB_MAX) +#define SNMP_MIB_MAX const_max(const_max(UDP_MIB_MAX, TCP_MIB_MAX), \ + const_max(IPSTATS_MIB_MAX, ICMP_MIB_MAX)) static int sockstat6_seq_show(struct seq_file *seq, void *v) { @@ -199,7 +197,7 @@ static void snmp6_seq_show_item(struct seq_file *seq, void __percpu *pcpumib, int i; if (pcpumib) { - memset(buff, 0, sizeof(unsigned long) * SNMP_MIB_MAX); + memset(buff, 0, sizeof(buff)); snmp_get_cpu_field_batch(buff, itemlist, pcpumib); for (i = 0; itemlist[i].name; i++) @@ -218,7 +216,7 @@ static void snmp6_seq_show_item64(struct seq_file *seq, void __percpu *mib, u64 buff64[SNMP_MIB_MAX]; int i; - memset(buff64, 0, sizeof(u64) * SNMP_MIB_MAX); + memset(buff64, 0, sizeof(buff64)); snmp_get_cpu_field64_batch(buff64, itemlist, mib, syncpoff); for (i = 0; itemlist[i].name; i++)