From patchwork Wed Feb 21 16:26:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13565948 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DD44CC48BEB for ; Wed, 21 Feb 2024 16:27:26 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rcpQq-0007XT-Vf; Wed, 21 Feb 2024 11:26:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQp-0007W0-CF for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:51 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQn-0008Em-35 for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1708532808; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CXDKVpwJAYA4YVPBkA8OYk6BlM/3pdgrzFZ7ieOCgNQ=; b=ZtiEDVtqfUrb9zn9PNODDgO9+DZN59BO4KQCnkyH1tSn5M7JWIxvjABFJ62+cYx8Jr+bB8 rQFR/FwSc7gB7Pwbe8vkjDmLShc+oKPSfjjTD2u4/pW9ECgK9wOSBVtGiMaMeK+lr6NPn8 zps8amItxFMEgckewp9vWs/k011DXl4= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-339-1eJx4iy-Py6T3ZXP3xtEJA-1; Wed, 21 Feb 2024 
11:26:42 -0500 X-MC-Unique: 1eJx4iy-Py6T3ZXP3xtEJA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DD27F3869152; Wed, 21 Feb 2024 16:26:41 +0000 (UTC) Received: from thuth-p1g4.redhat.com (unknown [10.39.194.110]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B958201154D; Wed, 21 Feb 2024 16:26:39 +0000 (UTC) 
From: Thomas Huth To: qemu-devel@nongnu.org, Peter Maydell Cc: qemu-ppc@nongnu.org, =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Nicholas Piggin , Daniel Henrique Barboza , =?utf-8?q?C=C3=A9dric_Le_G?= =?utf-8?q?oater?= Subject: [PATCH 1/3] target/ppc/kvm: Replace variable length array in kvmppc_save_htab() Date: Wed, 21 Feb 2024 17:26:34 +0100 Message-ID: <20240221162636.173136-2-thuth@redhat.com> In-Reply-To: <20240221162636.173136-1-thuth@redhat.com> References: <20240221162636.173136-1-thuth@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 Received-SPF: pass client-ip=170.10.129.124; envelope-from=thuth@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.05, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org To be able to compile QEMU with -Wvla (to prevent potential security issues), we need to get rid of the variable length array in the kvmppc_save_htab() function. Replace it with a heap allocation instead. Signed-off-by: Thomas Huth Reviewed-by: Peter Maydell --- target/ppc/kvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 26fa9d0575..e7e39c3091 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c 
@@ -2688,7 +2688,7 @@ int kvmppc_get_htab_fd(bool write, uint64_t index, Error **errp) int kvmppc_save_htab(QEMUFile *f, int fd, size_t bufsize, int64_t max_ns) { int64_t starttime = qemu_clock_get_ns(QEMU_CLOCK_REALTIME); - uint8_t buf[bufsize]; + g_autofree uint8_t *buf = g_malloc(bufsize); ssize_t rc; do { From patchwork Wed Feb 21 16:26:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13565950 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 15A71C48BEB for ; Wed, 21 Feb 2024 16:27:54 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rcpQr-0007YN-LI; Wed, 21 Feb 2024 11:26:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQp-0007WI-GI for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:51 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQn-0008Ev-6K for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1708532808; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yTAhra5hWOo79Lnr6O9bGe/90dQYP3WAL0JeuVs1BvM=; b=i5/H9yQ8wwB/uc8KIqGfW9ohUtHUrkigLuRYyMVjKH9cqy9Fhwj3oROj1r9z4DmG+kD2ML 
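Review bot: the commit message should say why no NULL check follows `g_malloc(bufsize)`: g_malloc() aborts on allocation failure rather than returning NULL, so the omission is deliberate, and an oversized bufsize now aborts the process instead of silently growing the stack as the VLA did. The allocation sits before the `do {` loop, so it happens once per call, and g_autofree releases it on every return path inside that loop; a one-line note on both points in the message would save the next reader from re-deriving them.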
From: Thomas Huth To: qemu-devel@nongnu.org, Peter Maydell Cc: qemu-ppc@nongnu.org, =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Nicholas Piggin , Daniel Henrique Barboza , =?utf-8?q?C=C3=A9dric_Le_G?= =?utf-8?q?oater?= Subject: [PATCH 2/3] target/ppc/kvm: Replace variable length array in kvmppc_read_hptes() Date: Wed, 21 Feb 2024 17:26:35 +0100 Message-ID: <20240221162636.173136-3-thuth@redhat.com> In-Reply-To: <20240221162636.173136-1-thuth@redhat.com> References: <20240221162636.173136-1-thuth@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 Received-SPF: pass client-ip=170.10.129.124; envelope-from=thuth@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.05, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org HPTES_PER_GROUP is 8 and HASH_PTE_SIZE_64 is 16, so we don't waste too many bytes by always allocating the maximum amount of bytes on the stack here to get rid of the variable length array. Suggested-by: Peter Maydell Signed-off-by: Thomas Huth Reviewed-by: Peter Maydell --- target/ppc/kvm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index e7e39c3091..bcf30a5400 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c 
@@ -2770,9 +2770,9 @@ void kvmppc_read_hptes(ppc_hash_pte64_t *hptes, hwaddr ptex, int n) while (i < n) { struct kvm_get_htab_header *hdr; int m = n < HPTES_PER_GROUP ? n : HPTES_PER_GROUP; - char buf[sizeof(*hdr) + m * HASH_PTE_SIZE_64]; + char buf[sizeof(*hdr) + HPTES_PER_GROUP * HASH_PTE_SIZE_64]; - rc = read(fd, buf, sizeof(buf)); + rc = read(fd, buf, sizeof(*hdr) + m * HASH_PTE_SIZE_64); if (rc < 0) { hw_error("kvmppc_read_hptes: Unable to read HPTEs"); } From patchwork Wed Feb 21 16:26:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Thomas Huth X-Patchwork-Id: 13565949 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E1ECFC54764 for ; Wed, 21 Feb 2024 16:27:26 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rcpQz-0007fU-IV; Wed, 21 Feb 2024 11:27:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQx-0007di-5I for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:59 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rcpQq-0008ID-Dh for qemu-devel@nongnu.org; Wed, 21 Feb 2024 11:26:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1708532811; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: 
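Review bot: the requested length `sizeof(*hdr) + m * HASH_PTE_SIZE_64` is now written out separately from the buffer declaration and can drift from it; hoist it into a local (`size_t len = sizeof(*hdr) + m * HASH_PTE_SIZE_64;`) and use that both in the read() call and in whatever check of `rc` follows the visible `if (rc < 0)` branch, because any comparison against `sizeof(buf)` in this loop would now be against the maximum group size rather than the bytes actually requested. The `if (rc < 0)` shown here only catches read errors, not a short read, so the m-based length is the value the subsequent code must be checked against.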
From: Thomas Huth To: qemu-devel@nongnu.org, Peter Maydell Cc: qemu-ppc@nongnu.org, =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Nicholas Piggin , Daniel Henrique Barboza , =?utf-8?q?C=C3=A9dric_Le_G?= =?utf-8?q?oater?= Subject: [PATCH 3/3] meson: Enable -Wvla Date: Wed, 21 Feb 2024 17:26:36 +0100 Message-ID: <20240221162636.173136-4-thuth@redhat.com> In-Reply-To: <20240221162636.173136-1-thuth@redhat.com> References: <20240221162636.173136-1-thuth@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 Received-SPF: pass client-ip=170.10.133.124; envelope-from=thuth@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.05, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Peter Maydell QEMU has historically used variable length arrays only very rarely. Variable length arrays are a potential security issue where an on-stack dynamic allocation isn't correctly size-checked, especially when the size comes from the guest. (An example problem of this kind from the past is CVE-2021-3527). Forbidding them entirely is a defensive measure against further bugs of this kind. Enable -Wvla to prevent any new uses from sneaking into the codebase. Signed-off-by: Peter Maydell Message-ID: <20240125173211.1786196-3-peter.maydell@linaro.org> [thuth: rebased to current master branch] 
Signed-off-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index c1dc83e4c0..0ef1654e86 100644 --- a/meson.build +++ b/meson.build @@ -592,6 +592,7 @@ warn_flags = [ '-Wstrict-prototypes', '-Wtype-limits', '-Wundef', + '-Wvla', '-Wwrite-strings', # Then disable some undesirable warnings
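Review bot: `-Wvla` on its own only emits a warning, so the commit message's claim that it will "prevent any new uses from sneaking into the codebase" holds only for builds that also pass -Werror; state where that is the case (for example the --enable-werror configurations) or soften the wording. Series ordering is right: patches 1 and 2 remove the two existing VLAs before this flag lands, so no intermediate commit warns. Placing '-Wvla' between '-Wundef' and '-Wwrite-strings' keeps warn_flags alphabetical, matching the surrounding entries.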
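The two replacement patterns this series uses, a maximum-sized fixed buffer with an explicit request length (patch 2) and a bounded heap allocation (patch 1), as an added C example that is not QEMU code. ENTRIES_PER_GROUP, ENTRY_SIZE, struct group_header, MAX_HEAP_BUF and all function names are stand-ins chosen for the example; only the values 8 and 16 come from the commit message, and the sample bytes are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for HPTES_PER_GROUP and HASH_PTE_SIZE_64; the values 8 and 16
 * are the ones the commit message gives, the names here are the example's own. */
#define ENTRIES_PER_GROUP 8
#define ENTRY_SIZE        16
/* Hypothetical hard cap for a heap buffer; not a QEMU constant. */
#define MAX_HEAP_BUF      (64 * 1024)

/* Constructed stand-in for the group header; not the real kvm_get_htab_header layout. */
struct group_header {
    uint32_t index;
    uint16_t n_valid;
    uint16_t n_invalid;
};

/* Integer constant expression, so this is a plain array, not a VLA. */
#define GROUP_BUF_MAX (sizeof(struct group_header) + ENTRIES_PER_GROUP * ENTRY_SIZE)

/* Before (what -Wvla rejects): the buffer grows with the caller-supplied count:
 *     char buf[sizeof(*hdr) + m * ENTRY_SIZE];
 * After (patch 2 pattern): the buffer is always the maximum group size and only
 * the length actually wanted is moved through it. */
size_t copy_group(const uint8_t *src, size_t src_len, int n, uint8_t *out, size_t out_len)
{
    uint8_t buf[GROUP_BUF_MAX];
    int m = n < ENTRIES_PER_GROUP ? n : ENTRIES_PER_GROUP;
    size_t want;

    if (m <= 0) {
        return 0;                       /* nothing requested, or a negative count */
    }
    want = sizeof(struct group_header) + (size_t)m * ENTRY_SIZE;
    if (src_len < want || out_len < want) {
        return 0;                       /* short input or output: refuse, never truncate */
    }
    memcpy(buf, src, want);             /* want <= sizeof(buf) by construction */
    memcpy(out, buf, want);
    return want;
}

/* Patch 1 pattern: a caller-sized buffer goes to the heap with an explicit bound.
 * g_malloc() aborts on failure; plain calloc() returns NULL, so callers must check. */
uint8_t *alloc_bounded(size_t bufsize)
{
    if (bufsize == 0 || bufsize > MAX_HEAP_BUF) {
        return NULL;
    }
    return calloc(bufsize, 1);
}

/* Constructed sample: a header followed by 8 entries, entry i filled with i+1. */
static size_t make_sample(uint8_t *dst, size_t len)
{
    struct group_header hdr = { .index = 0x1000, .n_valid = ENTRIES_PER_GROUP, .n_invalid = 0 };
    if (len < GROUP_BUF_MAX) {
        return 0;
    }
    memcpy(dst, &hdr, sizeof(hdr));
    for (int i = 0; i < ENTRIES_PER_GROUP; i++) {
        memset(dst + sizeof(hdr) + (size_t)i * ENTRY_SIZE, i + 1, ENTRY_SIZE);
    }
    return GROUP_BUF_MAX;
}

/* Request 20 entries: clamped to the 8 that fit in one group (header + 128 bytes). */
size_t demo_full_group(void)
{
    uint8_t src[GROUP_BUF_MAX], out[GROUP_BUF_MAX];
    size_t len = make_sample(src, sizeof(src));
    return copy_group(src, len, 20, out, sizeof(out));
}

/* Request 3 entries: header + 3 * 16 bytes; the last byte is the third entry's fill. */
size_t demo_partial_group(void)
{
    uint8_t src[GROUP_BUF_MAX], out[GROUP_BUF_MAX];
    size_t len = make_sample(src, sizeof(src));
    size_t got = copy_group(src, len, 3, out, sizeof(out));
    return (got > 0 && out[got - 1] == 3) ? got : 0;
}

/* Input shorter than the request is refused outright. */
size_t demo_short_input(void)
{
    uint8_t src[GROUP_BUF_MAX], out[GROUP_BUF_MAX];
    make_sample(src, sizeof(src));
    return copy_group(src, 40, 3, out, sizeof(out));
}

/* Zero and oversized requests are rejected; a sane one succeeds and is freed. */
int demo_alloc_bounds(void)
{
    uint8_t *p = alloc_bounded(4096);
    int ok = alloc_bounded(0) == NULL && alloc_bounded(MAX_HEAP_BUF + 1) == NULL && p != NULL;
    free(p);
    return ok;
}

int main(void)
{
    printf("full=%zu partial=%zu short=%zu alloc_ok=%d\n",
           demo_full_group(), demo_partial_group(), demo_short_input(), demo_alloc_bounds());
    return 0;
}
```

Compiling this file with `-Wvla` is silent because `buf` is sized by an integer constant expression; putting the commented-out VLA declaration back in is enough to make the flag fire, which is the check patch 3 adds to the build.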