mirror of
https://github.com/torvalds/linux
synced 2024-10-21 18:59:26 +00:00
44f98a9332
The use of stack Variable Length Arrays needs to be avoided, as they can be a vector for stack exhaustion, which can be both a runtime bug (kernel Oops) or a security flaw (overwriting memory beyond the stack). Also, in general, as code evolves it is easy to lose track of how big a VLA can get. Thus, we can end up having runtime failures that are hard to debug. As part of the directive[1] to remove all VLAs from the kernel, and build with -Wvla. Currently rsi code uses a VLA based on a function argument to `rsi_sdio_load_data_master_write()`. The function call chain is Both these functions rsi_sdio_reinit_device() rsi_probe() start the call chain: rsi_hal_device_init() rsi_load_fw() auto_fw_upgrade() ping_pong_write() rsi_sdio_load_data_master_write() [Without familiarity with the code] it appears that none of the 4 locks mutex rx_mutex tx_mutex tx_bus_mutex are held when `rsi_sdio_load_data_master_write()` is called. It is therefore safe to use kmalloc with GFP_KERNEL. We can avoid using the VLA by using `kmalloc()` and free'ing the memory on all exit paths. Change buffer from 'u8 array' to 'u8 *'. Call `kmalloc()` to allocate memory for the buffer. Using goto statement to call `kfree()` on all return paths. It can be expected that this patch will result in a small increase in overhead due to the use of `kmalloc()` however this code is only called on initialization (and re-initialization) so this overhead should not degrade performance. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Tobin C. Harding <me@tobin.cc> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| rsi_91x_coex.c | ||
| rsi_91x_core.c | ||
| rsi_91x_debugfs.c | ||
| rsi_91x_hal.c | ||
| rsi_91x_mac80211.c | ||
| rsi_91x_main.c | ||
| rsi_91x_mgmt.c | ||
| rsi_91x_ps.c | ||
| rsi_91x_sdio.c | ||
| rsi_91x_sdio_ops.c | ||
| rsi_91x_usb.c | ||
| rsi_91x_usb_ops.c | ||
| rsi_boot_params.h | ||
| rsi_coex.h | ||
| rsi_common.h | ||
| rsi_debugfs.h | ||
| rsi_hal.h | ||
| rsi_main.h | ||
| rsi_mgmt.h | ||
| rsi_ps.h | ||
| rsi_sdio.h | ||
| rsi_usb.h | ||