[PATCH 0/2] nvme: avoid dynamic stack allocations

Peter Maydell posted 2 patches 9 months, 1 week ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20230811174751.784620-1-peter.maydell@linaro.org
Maintainers: Keith Busch <kbusch@kernel.org>, Klaus Jensen <its@irrelevant.dk>
hw/nvme/ctrl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Posted by Peter Maydell 9 months, 1 week ago
The QEMU codebase has very few C variable length arrays, and if we can
get rid of them all we can make the compiler error on new additions.
This is a defensive measure against security bugs where an on-stack
dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).

We last had a go at this a few years ago, when Philippe wrote
patches for this:
https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/
Some of the fixes made it into the tree, but some didn't (either
because of lack of review or because review found some changes
that needed to be made). I'm going through the remainder as a
non-urgent Friday afternoon task...

This patchset deals with two VLAs in the NVME code.

thanks
-- PMM

Peter Maydell (1):
  hw/nvme: Avoid dynamic stack allocation

Philippe Mathieu-Daudé (1):
  hw/nvme: Use #define to avoid variable length array

 hw/nvme/ctrl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1
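The defensive pattern the cover letter describes, as an added example that is not code from the patches or from hw/nvme/ctrl.c: a guest-controlled count used to size an on-stack array is replaced by a fixed-size array plus an explicit bound check, and the VLA form is shown only in a comment so that building with -Wvla -Werror (a real GCC/Clang warning) rejects any reintroduction. The DESC_LIST_MAX limit, the guest_request_t struct, process_request() and the two demo_* helpers are hypothetical names chosen for this illustration, and the descriptor values are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical upper bound on how many descriptors one request may carry.
 * A real device model derives such a limit from the spec or its own
 * configuration; the point is that the bound is a compile-time constant. */
#define DESC_LIST_MAX 64

/* Hypothetical request as handed over by the guest side of a device model. */
typedef struct {
    uint32_t count;        /* guest-controlled element count */
    const uint32_t *descs; /* descriptor values (constructed sample data) */
} guest_request_t;

/*
 * The pattern being removed: a VLA sized by a guest-controlled value.
 * Without an explicit bound, a large count moves the stack pointer an
 * arbitrary distance. Compiling with -Wvla -Werror turns the declaration
 * into a build error, which is why it is left here as a comment only:
 *
 *     uint32_t tmp[req->count];    // VLA: rejected by -Wvla -Werror
 */

/* Hardened form: fixed-size array, and the bound is checked before any
 * data is copied into it. Returns 0 on success, -1 if the request is too
 * large to fit. */
static int process_request(const guest_request_t *req, uint32_t *sum_out)
{
    uint32_t tmp[DESC_LIST_MAX];
    uint32_t sum = 0;

    if (req->count > DESC_LIST_MAX) {
        return -1; /* reject rather than overflow the fixed buffer */
    }

    memcpy(tmp, req->descs, req->count * sizeof(tmp[0]));
    for (uint32_t i = 0; i < req->count; i++) {
        sum += tmp[i];
    }
    *sum_out = sum;
    return 0;
}

/* In-bounds request built from constructed data; returns the computed sum,
 * or UINT32_MAX if the request was unexpectedly rejected. */
static uint32_t demo_in_bounds(void)
{
    static const uint32_t descs[4] = { 1, 2, 3, 4 };
    guest_request_t req = { 4, descs };
    uint32_t sum = 0;

    return process_request(&req, &sum) == 0 ? sum : UINT32_MAX;
}

/* Over-bound request: the count exceeds DESC_LIST_MAX, so the function must
 * return -1 before touching the backing data. Returns that status code. */
static int demo_over_bound(void)
{
    static const uint32_t descs[1] = { 7 };
    guest_request_t req = { DESC_LIST_MAX + 1, descs };
    uint32_t sum = 0;

    return process_request(&req, &sum);
}

int main(void)
{
    printf("in-bounds sum: %u\n", demo_in_bounds());
    printf("over-bound rc: %d\n", demo_over_bound());
    return 0;
}
```

Build the file with `gcc -std=c99 -Wall -Wvla -Werror` to see the enforcement side: uncommenting the VLA line fails the build, while the fixed-size version compiles cleanly and rejects the oversized request at runtime.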


Re: [PATCH 0/2] nvme: avoid dynamic stack allocations
Posted by Philippe Mathieu-Daudé 9 months ago
On 11/8/23 19:47, Peter Maydell wrote:
> The QEMU codebase has very few C variable length arrays, and if we can
> get rid of them all we can make the compiler error on new additions.
> This is a defensive measure against security bugs where an on-stack
> dynamic allocation isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> We last had a go at this a few years ago, when Philippe wrote
> patches for this:
> https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/
> Some of the fixes made it into the tree, but some didn't (either
> because of lack of review or because review found some changes
> that needed to be made). I'm going through the remainder as a
> non-urgent Friday afternoon task...

Thanks for refreshing this, I totally forgot about it :/

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

> This patchset deals with two VLAs in the NVME code.
> 
> thanks
> -- PMM
> 
> Peter Maydell (1):
>    hw/nvme: Avoid dynamic stack allocation
> 
> Philippe Mathieu-Daudé (1):
>    hw/nvme: Use #define to avoid variable length array
> 
>   hw/nvme/ctrl.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 


Re: [PATCH 0/2] nvme: avoid dynamic stack allocations
Posted by Klaus Jensen 9 months, 1 week ago
On Aug 11 18:47, Peter Maydell wrote:
> The QEMU codebase has very few C variable length arrays, and if we can
> get rid of them all we can make the compiler error on new additions.
> This is a defensive measure against security bugs where an on-stack
> dynamic allocation isn't correctly size-checked (e.g.  CVE-2021-3527).
> 
> We last had a go at this a few years ago, when Philippe wrote
> patches for this:
> https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/
> Some of the fixes made it into the tree, but some didn't (either
> because of lack of review or because review found some changes
> that needed to be made). I'm going through the remainder as a
> non-urgent Friday afternoon task...
> 
> This patchset deals with two VLAs in the NVME code.
> 
> thanks
> -- PMM
> 
> Peter Maydell (1):
>   hw/nvme: Avoid dynamic stack allocation
> 
> Philippe Mathieu-Daudé (1):
>   hw/nvme: Use #define to avoid variable length array
> 
>  hw/nvme/ctrl.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> -- 
> 2.34.1
> 

Thanks Peter,

Applied to nvme-next!
Re: [PATCH 0/2] nvme: avoid dynamic stack allocations
Posted by Peter Maydell 8 months, 1 week ago
On Mon, 14 Aug 2023 at 08:09, Klaus Jensen <its@irrelevant.dk> wrote:
>
> On Aug 11 18:47, Peter Maydell wrote:
> > The QEMU codebase has very few C variable length arrays, and if we can
> > get rid of them all we can make the compiler error on new additions.
> > This is a defensive measure against security bugs where an on-stack
> > dynamic allocation isn't correctly size-checked (e.g.  CVE-2021-3527).
> >
> > We last had a go at this a few years ago, when Philippe wrote
> > patches for this:
> > https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/
> > Some of the fixes made it into the tree, but some didn't (either
> > because of lack of review or because review found some changes
> > that needed to be made). I'm going through the remainder as a
> > non-urgent Friday afternoon task...
> >
> > This patchset deals with two VLAs in the NVME code.
> >
> > thanks
> > -- PMM
> >
> > Peter Maydell (1):
> >   hw/nvme: Avoid dynamic stack allocation
> >
> > Philippe Mathieu-Daudé (1):
> >   hw/nvme: Use #define to avoid variable length array
> >
> >  hw/nvme/ctrl.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > --
> > 2.34.1
> >
>
> Thanks Peter,
>
> Applied to nvme-next!


Hi Klaus -- did these patches get lost? They don't seem to
have appeared in master yet.

thanks
-- PMM
Re: [PATCH 0/2] nvme: avoid dynamic stack allocations
Posted by Klaus Jensen 8 months, 1 week ago
On Sep 12 15:15, Peter Maydell wrote:
> On Mon, 14 Aug 2023 at 08:09, Klaus Jensen <its@irrelevant.dk> wrote:
> >
> > On Aug 11 18:47, Peter Maydell wrote:
> > > The QEMU codebase has very few C variable length arrays, and if we can
> > > get rid of them all we can make the compiler error on new additions.
> > > This is a defensive measure against security bugs where an on-stack
> > > dynamic allocation isn't correctly size-checked (e.g.  CVE-2021-3527).
> > >
> > > We last had a go at this a few years ago, when Philippe wrote
> > > patches for this:
> > > https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/
> > > Some of the fixes made it into the tree, but some didn't (either
> > > because of lack of review or because review found some changes
> > > that needed to be made). I'm going through the remainder as a
> > > non-urgent Friday afternoon task...
> > >
> > > This patchset deals with two VLAs in the NVME code.
> > >
> > > thanks
> > > -- PMM
> > >
> > > Peter Maydell (1):
> > >   hw/nvme: Avoid dynamic stack allocation
> > >
> > > Philippe Mathieu-Daudé (1):
> > >   hw/nvme: Use #define to avoid variable length array
> > >
> > >  hw/nvme/ctrl.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > --
> > > 2.34.1
> > >
> >
> > Thanks Peter,
> >
> > Applied to nvme-next!
> 
> 
> Hi Klaus -- did these patches get lost? They don't seem to
> have appeared in master yet.
> 
> thanks
> -- PMM

Oh. I never sent the pull - I'll do that right away! Thanks for the
reminder!