1. Patchew
  2. QEMU
  3. View series

[PATCH 0/4] net: avoid variable length arrays

Peter Maydell posted 4 patches 1 year, 3 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20230824153224.2517486-1-peter.maydell@linaro.org
Maintainers: Jason Wang <jasowang@redhat.com>, Jiri Pirko <jiri@resnulli.us>
hw/net/fsl_etsec/rings.c      | 12 ++++++++++--
hw/net/rocker/rocker_of_dpa.c |  2 +-
net/dump.c                    |  2 +-
net/tap.c                     |  3 ++-
4 files changed, 14 insertions(+), 5 deletions(-)
[PATCH 0/4] net: avoid variable length arrays
Posted by Peter Maydell 1 year, 3 months ago 
This patchset removes the use of variable length arrays in a couple
of network devices and the net/ core code.  In one case we can switch
to a fixed-sized array on the stack; in the other three we have to
use a heap allocation.

The codebase has very few VLAs, and if we can get rid of them all we
can make the compiler error on new additions.  This is a defensive
measure against security bugs where an on-stack dynamic allocation
isn't correctly size-checked (e.g.  CVE-2021-3527).

Philippe had a go at these in  a patch in 2021:
https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-16-philmd@redhat.com/
but these are re-implementations, mostly.

Usual disclaimer: I have tested these patches only with
"make check" and "make check-avocado".

thanks
-- PMM

Peter Maydell (4):
  hw/net/fsl_etsec/rings.c: Avoid variable length array
  hw/net/rocker: Avoid variable length array
  net/dump: Avoid variable length array
  net/tap: Avoid variable-length array

 hw/net/fsl_etsec/rings.c      | 12 ++++++++++--
 hw/net/rocker/rocker_of_dpa.c |  2 +-
 net/dump.c                    |  2 +-
 net/tap.c                     |  3 ++-
 4 files changed, 14 insertions(+), 5 deletions(-)

-- 
2.34.1
Re: [PATCH 0/4] net: avoid variable length arrays
Posted by Peter Maydell 1 year, 2 months ago 
Hi, Jason. This patchset has been reviewed -- do you want to
pick it up via the net tree?

thanks
-- PMM

On Thu, 24 Aug 2023 at 16:32, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> This patchset removes the use of variable length arrays in a couple
> of network devices and the net/ core code.  In one case we can switch
> to a fixed-sized array on the stack; in the other three we have to
> use a heap allocation.
>
> The codebase has very few VLAs, and if we can get rid of them all we
> can make the compiler error on new additions.  This is a defensive
> measure against security bugs where an on-stack dynamic allocation
> isn't correctly size-checked (e.g.  CVE-2021-3527).
>
> Philippe had a go at these in  a patch in 2021:
> https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-16-philmd@redhat.com/
> but these are re-implementations, mostly.
>
> Usual disclaimer: I have tested these patches only with
> "make check" and "make check-avocado".
>
> thanks
> -- PMM
>
> Peter Maydell (4):
>   hw/net/fsl_etsec/rings.c: Avoid variable length array
>   hw/net/rocker: Avoid variable length array
>   net/dump: Avoid variable length array
>   net/tap: Avoid variable-length array
>
>  hw/net/fsl_etsec/rings.c      | 12 ++++++++++--
>  hw/net/rocker/rocker_of_dpa.c |  2 +-
>  net/dump.c                    |  2 +-
>  net/tap.c                     |  3 ++-
>  4 files changed, 14 insertions(+), 5 deletions(-)
Re: [PATCH 0/4] net: avoid variable length arrays
Posted by Jason Wang 1 year, 2 months ago 
On Tue, Sep 12, 2023 at 10:20 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> Hi, Jason. This patchset has been reviewed -- do you want to
> pick it up via the net tree?

Yes, I've queued this.

Thanks

>
> thanks
> -- PMM
>
> On Thu, 24 Aug 2023 at 16:32, Peter Maydell <peter.maydell@linaro.org> wrote:
> >
> > This patchset removes the use of variable length arrays in a couple
> > of network devices and the net/ core code.  In one case we can switch
> > to a fixed-sized array on the stack; in the other three we have to
> > use a heap allocation.
> >
> > The codebase has very few VLAs, and if we can get rid of them all we
> > can make the compiler error on new additions.  This is a defensive
> > measure against security bugs where an on-stack dynamic allocation
> > isn't correctly size-checked (e.g.  CVE-2021-3527).
> >
> > Philippe had a go at these in  a patch in 2021:
> > https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-16-philmd@redhat.com/
> > but these are re-implementations, mostly.
> >
> > Usual disclaimer: I have tested these patches only with
> > "make check" and "make check-avocado".
> >
> > thanks
> > -- PMM
> >
> > Peter Maydell (4):
> >   hw/net/fsl_etsec/rings.c: Avoid variable length array
> >   hw/net/rocker: Avoid variable length array
> >   net/dump: Avoid variable length array
> >   net/tap: Avoid variable-length array
> >
> >  hw/net/fsl_etsec/rings.c      | 12 ++++++++++--
> >  hw/net/rocker/rocker_of_dpa.c |  2 +-
> >  net/dump.c                    |  2 +-
> >  net/tap.c                     |  3 ++-
> >  4 files changed, 14 insertions(+), 5 deletions(-)
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.