| Message ID | 20230824153224.2517486-1-peter.maydell@linaro.org |
|---|---|
| Headers | show |
| Series | net: avoid variable length arrays | expand |
Hi, Jason. This patchset has been reviewed -- do you want to pick it up via the net tree? thanks -- PMM On Thu, 24 Aug 2023 at 16:32, Peter Maydell <peter.maydell@linaro.org> wrote: > > This patchset removes the use of variable length arrays in a couple > of network devices and the net/ core code. In one case we can switch > to a fixed-sized array on the stack; in the other three we have to > use a heap allocation. > > The codebase has very few VLAs, and if we can get rid of them all we > can make the compiler error on new additions. This is a defensive > measure against security bugs where an on-stack dynamic allocation > isn't correctly size-checked (e.g. CVE-2021-3527). > > Philippe had a go at these in a patch in 2021: > https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-16-philmd@redhat.com/ > but these are re-implementations, mostly. > > Usual disclaimer: I have tested these patches only with > "make check" and "make check-avocado". > > thanks > -- PMM > > Peter Maydell (4): > hw/net/fsl_etsec/rings.c: Avoid variable length array > hw/net/rocker: Avoid variable length array > net/dump: Avoid variable length array > net/tap: Avoid variable-length array > > hw/net/fsl_etsec/rings.c | 12 ++++++++++-- > hw/net/rocker/rocker_of_dpa.c | 2 +- > net/dump.c | 2 +- > net/tap.c | 3 ++- > 4 files changed, 14 insertions(+), 5 deletions(-)
On Tue, Sep 12, 2023 at 10:20 PM Peter Maydell <peter.maydell@linaro.org> wrote: > > Hi, Jason. This patchset has been reviewed -- do you want to > pick it up via the net tree? Yes, I've queued this. Thanks > > thanks > -- PMM > > On Thu, 24 Aug 2023 at 16:32, Peter Maydell <peter.maydell@linaro.org> wrote: > > > > This patchset removes the use of variable length arrays in a couple > > of network devices and the net/ core code. In one case we can switch > > to a fixed-sized array on the stack; in the other three we have to > > use a heap allocation. > > > > The codebase has very few VLAs, and if we can get rid of them all we > > can make the compiler error on new additions. This is a defensive > > measure against security bugs where an on-stack dynamic allocation > > isn't correctly size-checked (e.g. CVE-2021-3527). > > > > Philippe had a go at these in a patch in 2021: > > https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-16-philmd@redhat.com/ > > but these are re-implementations, mostly. > > > > Usual disclaimer: I have tested these patches only with > > "make check" and "make check-avocado". > > > > thanks > > -- PMM > > > > Peter Maydell (4): > > hw/net/fsl_etsec/rings.c: Avoid variable length array > > hw/net/rocker: Avoid variable length array > > net/dump: Avoid variable length array > > net/tap: Avoid variable-length array > > > > hw/net/fsl_etsec/rings.c | 12 ++++++++++-- > > hw/net/rocker/rocker_of_dpa.c | 2 +- > > net/dump.c | 2 +- > > net/tap.c | 3 ++- > > 4 files changed, 14 insertions(+), 5 deletions(-) >