diff options
| author | Kees Cook <keescook@chromium.org> | 2018-04-29 11:00:53 -0400 |
|---|---|---|
| committer | Boris Brezillon <boris.brezillon@bootlin.com> | 2018-04-30 10:11:16 -0400 |
| commit | 27ab41e2c183e960a045c8f3b87b2341a5f10f19 (patch) | |
| tree | 0168e650060ee93e20af3692c9ddd98fbab0651d | |
| parent | 7cc9aa669a5119a8d70b22c57779d1decd4d0d62 (diff) | |
mtd: nftl: Remove VLA usage
On the quest to remove all stack VLAs from the kernel[1] this changes
the check_free_sectors() routine to use a kmalloc()ed buffer instead
of a large VLA stack buffer.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
| -rw-r--r-- | drivers/mtd/inftlmount.c | 23 | ||||
| -rw-r--r-- | drivers/mtd/nftlmount.c | 23 |
2 files changed, 32 insertions, 14 deletions
diff --git a/drivers/mtd/inftlmount.c b/drivers/mtd/inftlmount.c index aab4f68bd36f..2d598412972d 100644 --- a/drivers/mtd/inftlmount.c +++ b/drivers/mtd/inftlmount.c | |||
| @@ -334,28 +334,37 @@ static int memcmpb(void *a, int c, int n) | |||
| 334 | static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address, | 334 | static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address, |
| 335 | int len, int check_oob) | 335 | int len, int check_oob) |
| 336 | { | 336 | { |
| 337 | u8 buf[SECTORSIZE + inftl->mbd.mtd->oobsize]; | ||
| 338 | struct mtd_info *mtd = inftl->mbd.mtd; | 337 | struct mtd_info *mtd = inftl->mbd.mtd; |
| 339 | size_t retlen; | 338 | size_t retlen; |
| 340 | int i; | 339 | int i, ret; |
| 340 | u8 *buf; | ||
| 341 | |||
| 342 | buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL); | ||
| 343 | if (!buf) | ||
| 344 | return -1; | ||
| 341 | 345 | ||
| 346 | ret = -1; | ||
| 342 | for (i = 0; i < len; i += SECTORSIZE) { | 347 | for (i = 0; i < len; i += SECTORSIZE) { |
| 343 | if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf)) | 348 | if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf)) |
| 344 | return -1; | 349 | goto out; |
| 345 | if (memcmpb(buf, 0xff, SECTORSIZE) != 0) | 350 | if (memcmpb(buf, 0xff, SECTORSIZE) != 0) |
| 346 | return -1; | 351 | goto out; |
| 347 | 352 | ||
| 348 | if (check_oob) { | 353 | if (check_oob) { |
| 349 | if(inftl_read_oob(mtd, address, mtd->oobsize, | 354 | if(inftl_read_oob(mtd, address, mtd->oobsize, |
| 350 | &retlen, &buf[SECTORSIZE]) < 0) | 355 | &retlen, &buf[SECTORSIZE]) < 0) |
| 351 | return -1; | 356 | goto out; |
| 352 | if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0) | 357 | if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0) |
| 353 | return -1; | 358 | goto out; |
| 354 | } | 359 | } |
| 355 | address += SECTORSIZE; | 360 | address += SECTORSIZE; |
| 356 | } | 361 | } |
| 357 | 362 | ||
| 358 | return 0; | 363 | ret = 0; |
| 364 | |||
| 365 | out: | ||
| 366 | kfree(buf); | ||
| 367 | return ret; | ||
| 359 | } | 368 | } |
| 360 | 369 | ||
| 361 | /* | 370 | /* |
diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c index a6fbfa4e5799..6281da3dadac 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c | |||
| @@ -272,28 +272,37 @@ static int memcmpb(void *a, int c, int n) | |||
| 272 | static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len, | 272 | static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len, |
| 273 | int check_oob) | 273 | int check_oob) |
| 274 | { | 274 | { |
| 275 | u8 buf[SECTORSIZE + nftl->mbd.mtd->oobsize]; | ||
| 276 | struct mtd_info *mtd = nftl->mbd.mtd; | 275 | struct mtd_info *mtd = nftl->mbd.mtd; |
| 277 | size_t retlen; | 276 | size_t retlen; |
| 278 | int i; | 277 | int i, ret; |
| 278 | u8 *buf; | ||
| 279 | |||
| 280 | buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL); | ||
| 281 | if (!buf) | ||
| 282 | return -1; | ||
| 279 | 283 | ||
| 284 | ret = -1; | ||
| 280 | for (i = 0; i < len; i += SECTORSIZE) { | 285 | for (i = 0; i < len; i += SECTORSIZE) { |
| 281 | if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf)) | 286 | if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf)) |
| 282 | return -1; | 287 | goto out; |
| 283 | if (memcmpb(buf, 0xff, SECTORSIZE) != 0) | 288 | if (memcmpb(buf, 0xff, SECTORSIZE) != 0) |
| 284 | return -1; | 289 | goto out; |
| 285 | 290 | ||
| 286 | if (check_oob) { | 291 | if (check_oob) { |
| 287 | if(nftl_read_oob(mtd, address, mtd->oobsize, | 292 | if(nftl_read_oob(mtd, address, mtd->oobsize, |
| 288 | &retlen, &buf[SECTORSIZE]) < 0) | 293 | &retlen, &buf[SECTORSIZE]) < 0) |
| 289 | return -1; | 294 | goto out; |
| 290 | if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0) | 295 | if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0) |
| 291 | return -1; | 296 | goto out; |
| 292 | } | 297 | } |
| 293 | address += SECTORSIZE; | 298 | address += SECTORSIZE; |
| 294 | } | 299 | } |
| 295 | 300 | ||
| 296 | return 0; | 301 | ret = 0; |
| 302 | |||
| 303 | out: | ||
| 304 | kfree(buf); | ||
| 305 | return ret; | ||
| 297 | } | 306 | } |
| 298 | 307 | ||
| 299 | /* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and | 308 | /* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and |