On Mon, Mar 12, 2018 at 04:00:36PM +0100, Rasmus Villemoes wrote:
> On 2018-03-10 01:10, Laura Abbott wrote:
> > @@ -2887,14 +2909,30 @@ void gpiod_set_array_value_complex(bool raw, bool can_sleep, > > > > while (i < array_size) { > > struct gpio_chip *chip = desc_array[i]->gdev->chip; > > - unsigned long mask[BITS_TO_LONGS(chip->ngpio)]; > > - unsigned long bits[BITS_TO_LONGS(chip->ngpio)]; > > + unsigned long *mask; > > + unsigned long *bits; > > int count = 0; > > > > + mask = kmalloc_array(BITS_TO_LONGS(chip->ngpio), > > + sizeof(*mask), > > + can_sleep ? GFP_KERNEL : GFP_ATOMIC); > > + > > + if (!mask) > > + return; > > + > > + bits = kmalloc_array(BITS_TO_LONGS(chip->ngpio), > > + sizeof(*bits), > > + can_sleep ? GFP_KERNEL : GFP_ATOMIC); > > + > > + if (!bits) { > > + kfree(mask); > > + return; > > + } > > + > > if (!can_sleep) > > WARN_ON(chip->can_sleep); > > > > - memset(mask, 0, sizeof(mask)); > > + memset(mask, 0, sizeof(*mask));
>
> Other random thoughts: maybe two allocations for each loop iteration is a bit much. Maybe do a first pass over the array and collect the maximal chip->ngpio, do the memory allocation and freeing outside the loop (then you'd of course need to preserve the memset() with appropriate length computed). And maybe even just do one allocation, making bits point at the second half.

I think those are great ideas because the function is kind of a hotpath and usage of VLAs was motivated by the desire to make it fast. I'd go one step further and store the maximum ngpio of all registered chips in a global variable (and update it in gpiochip_add_data_with_key()), then allocate 2 * max_ngpio once before entering the loop (as you've suggested). That would avoid the first pass to determine the maximum chip->ngpio. In most systems max_ngpio will be < 64, so one or two unsigned longs depending on the arch's bitness.

FWIW, to achieve a stack overflow the platform or a driver needs to specify a huge number of GPIOs for a chip. So the exploitability is limited, but of course it's still better to get rid of the VLAs.
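Review bot: the changed memset at the end of the hunk, `memset(mask, 0, sizeof(*mask));`, now zeroes a single unsigned long, whereas the VLA version's `sizeof(mask)` covered all BITS_TO_LONGS(chip->ngpio) longs; for a chip with more than BITS_PER_LONG lines the remaining words of the freshly kmalloc'd mask keep whatever the heap held, and those stale bits would be treated as lines to drive. Use `BITS_TO_LONGS(chip->ngpio) * sizeof(*mask)` as the length, or allocate with kcalloc() (or bitmap_zalloc()) and drop the memset. Separately, both `if (!mask) return;` and the `if (!bits)` branch bail out of a void function without any diagnostic, so an allocation failure (a realistic outcome for the GFP_ATOMIC case when !can_sleep) silently drops the rest of the array write; at minimum a WARN or comment is warranted, and hoisting a single allocation out of the loop as Rasmus suggests above would also shrink the number of such failure points to one. The kfree() for the success path is not in this hunk, so please double-check that every exit from the loop body frees both buffers.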
Running v2 of this patch through checkpatch --strict results in a few "Alignment should match open parenthesis" and one "Please don't use multiple blank lines" complaint, granted those are nits but it may be worth fixing them up front lest the usual suspects come along and submit bikeshedding patches.

Thanks,

Lukas
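As an added illustration, not code from the patch or from anyone in this thread, here is a user-space sketch in C of the layout Rasmus and Lukas discuss: one allocation sized for the largest chip, mask in the first half and bits in the second, re-zeroed per chip with the full array length rather than sizeof(*mask). The struct and the gpio_bitmaps_* names are invented for the example and the kernel's own bitmap helpers and gpio_chip are not used.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Same rounding as the kernel's BITS_TO_LONGS() */
#define BITS_PER_LONG (CHAR_BIT * sizeof(unsigned long))
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* One heap block for both bitmaps: mask in the first half, bits in the
 * second, sized once for the largest chip (max_ngpio) and reused per chip. */
struct gpio_bitmaps {
	size_t cap_longs;    /* longs per half, BITS_TO_LONGS(max_ngpio) */
	size_t nlongs;       /* longs in use for the current chip */
	unsigned long *mask; /* lines of the current chip being written */
	unsigned long *bits; /* their values where the mask bit is set */
};

/* Allocate once for the largest chip; false on failure so the caller can
 * report it instead of silently dropping the whole write. */
static bool gpio_bitmaps_alloc(struct gpio_bitmaps *bm, unsigned int max_ngpio)
{
	bm->cap_longs = BITS_TO_LONGS(max_ngpio);
	bm->mask = calloc(2 * bm->cap_longs, sizeof(*bm->mask));
	if (!bm->mask)
		return false;
	bm->bits = bm->mask + bm->cap_longs;
	return true;
}

/* Start a chip of ngpio lines: zero the whole in-use part of mask.  A length
 * of sizeof(*mask), as in the posted hunk, would clear only the first long. */
static bool gpio_bitmaps_begin_chip(struct gpio_bitmaps *bm, unsigned int ngpio)
{
	bm->nlongs = BITS_TO_LONGS(ngpio);
	if (bm->nlongs > bm->cap_longs)
		return false; /* chip larger than max_ngpio: caller bug */
	memset(bm->mask, 0, bm->nlongs * sizeof(*bm->mask));
	return true;
}

/* Record that line `offset` of the current chip is driven to `value`. */
static void gpio_bitmaps_set(struct gpio_bitmaps *bm, unsigned int offset, bool value)
{
	unsigned long bit = 1UL << (offset % BITS_PER_LONG);
	bm->mask[offset / BITS_PER_LONG] |= bit;
	if (value)
		bm->bits[offset / BITS_PER_LONG] |= bit;
	else
		bm->bits[offset / BITS_PER_LONG] &= ~bit;
}
```

Values of `bits` are only meaningful where the corresponding `mask` bit is set, which is why only `mask` needs re-zeroing between chips.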