On Wed, Aug 8, 2018 at 2:46 AM, Kalle Valo <kvalo@xxxxxxxxxxxxxx> wrote: > Stanislaw Gruszka <sgruszka@xxxxxxxxxx> writes: > >> On Tue, Aug 07, 2018 at 03:50:40PM -0700, Kees Cook wrote: >>> Even with "const" variables, the compiler will generate warnings about >>> VLA usage. In the quest to remove all VLAs from the kernel[1], this uses >>> a #define instead of a const to do the array sizing. >>> >>> [1] >>> https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@xxxxxxxxxxxxxx >>> >>> Fixes: e87b5039511a ("mt76x0: eeprom files") >>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >>> --- >>> Please include this for the v4.19 merge window. The VLA was introduced >>> with the new source file (which I also note is missing a SPDX line), so >> >> I thought SPDX line is needed only if file has no license and eeprom.c >> file and other mt76x0 files have specified the license. Is SPDX still >> needed in that case ? I thought all source files needed SPDX: https://lwn.net/Articles/739183/ >> >>> +#define MT_MAP_READS DIV_ROUND_UP(MT_EFUSE_USAGE_MAP_SIZE, 16) >>> static int >>> mt76x0_efuse_physical_size_check(struct mt76x0_dev *dev) >>> { >>> - const int map_reads = DIV_ROUND_UP(MT_EFUSE_USAGE_MAP_SIZE, 16); >>> - u8 data[map_reads * 16]; >> >> Why this is variable length array? DIV_ROUND_UP can not be calculated >> at compile time? But if so, macro do not change the situation either. > > The commit log mentioned: > > "Even with "const" variables, the compiler will generate warnings about > VLA usage." > > So I guess the compiler (gcc?) is just not smart enough in this case? Correct. This is technically a false positive, but with the goal of adding -Wvla to the build globally, we have to get rid of these as well. It's a little frustrating, I agree, but with all others fixed now, these stand out. :) -Kees -- Kees Cook Pixel Security
