From patchwork Fri Jun 29 18:48:18 2018
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10497241
X-Patchwork-Delegate: agross@codeaurora.org
Date: Fri, 29 Jun 2018 11:48:18 -0700
From: Kees Cook To: Rob Clark Cc: David Airlie , Jordan Crouse , linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org, freedreno@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: [PATCH] drm/msm/adreno: Remove VLA usage Message-ID: <20180629184818.GA37439@beast> MIME-Version: 1.0 Content-Disposition: inline Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In the quest to remove all stack VLA usage from the kernel[1], this switches to using a kasprintf()ed buffer. Return paths are updated to free the allocation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook Reviewed-by: Arnd Bergmann Acked-by: Jordan Crouse --- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 7 +++++-- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 28 +++++++++++++++++-------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c index d39400e5bc42..f5f76f8151f9 100644 --- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c +++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c @@ -11,6 +11,7 @@ * */ +#include #include #include #include @@ -19,6 +20,7 @@ #include #include #include +#include #include "msm_gem.h" #include "msm_mmu.h" #include "a5xx_gpu.h" @@ -91,12 +93,13 @@ static int zap_shader_load_mdt(struct msm_gpu *gpu, const char *fwname) ret = qcom_mdt_load(dev, fw, fwname, GPU_PAS_ID, mem_region, mem_phys, mem_size, NULL); } else { - char newname[strlen("qcom/") + strlen(fwname) + 1]; + char *newname; - sprintf(newname, "qcom/%s", fwname); + newname = kasprintf(GFP_KERNEL, "qcom/%s", fwname); ret = qcom_mdt_load(dev, fw, newname, GPU_PAS_ID, mem_region, mem_phys, mem_size, NULL); + kfree(newname); } if (ret) goto out; 
diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index bcbf9f2a29f9..bfaafdfc7eb2 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -17,7 +17,9 @@ * this program. If not, see . */ +#include #include +#include #include "adreno_gpu.h" #include "msm_gem.h" #include "msm_mmu.h" @@ -70,10 +72,12 @@ adreno_request_fw(struct adreno_gpu *adreno_gpu, const char *fwname) { struct drm_device *drm = adreno_gpu->base.dev; const struct firmware *fw = NULL; - char newname[strlen("qcom/") + strlen(fwname) + 1]; + char *newname; int ret; - sprintf(newname, "qcom/%s", fwname); + newname = kasprintf(GFP_KERNEL, "qcom/%s", fwname); + if (!newname) + return ERR_PTR(-ENOMEM); /* * Try first to load from qcom/$fwfile using a direct load (to avoid @@ -87,11 +91,12 @@ adreno_request_fw(struct adreno_gpu *adreno_gpu, const char *fwname) dev_info(drm->dev, "loaded %s from new location\n", newname); adreno_gpu->fwloc = FW_LOCATION_NEW; - return fw; + goto out; } else if (adreno_gpu->fwloc != FW_LOCATION_UNKNOWN) { dev_err(drm->dev, "failed to load %s: %d\n", newname, ret); - return ERR_PTR(ret); + fw = ERR_PTR(ret); + goto out; } } @@ -106,11 +111,12 @@ adreno_request_fw(struct adreno_gpu *adreno_gpu, const char *fwname) dev_info(drm->dev, "loaded %s from legacy location\n", newname); adreno_gpu->fwloc = FW_LOCATION_LEGACY; - return fw; + goto out; } else if (adreno_gpu->fwloc != FW_LOCATION_UNKNOWN) { dev_err(drm->dev, "failed to load %s: %d\n", fwname, ret); - return ERR_PTR(ret); + fw = ERR_PTR(ret); + goto out; } } 
@@ -126,16 +132,20 @@ adreno_request_fw(struct adreno_gpu *adreno_gpu, const char *fwname) dev_info(drm->dev, "loaded %s with helper\n", newname); adreno_gpu->fwloc = FW_LOCATION_HELPER; - return fw; + goto out; } else if (adreno_gpu->fwloc != FW_LOCATION_UNKNOWN) { dev_err(drm->dev, "failed to load %s: %d\n", newname, ret); - return ERR_PTR(ret); + fw = ERR_PTR(ret); + goto out; } } dev_err(drm->dev, "failed to load %s\n", fwname); - return ERR_PTR(-ENOENT); + fw = ERR_PTR(-ENOENT); +out: + kfree(newname); + return fw; } static int adreno_load_fw(struct adreno_gpu *adreno_gpu)
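Review bot: The kasprintf() result in the zap_shader_load_mdt() hunk of a5xx_gpu.c (@@ -91,12 +93,13) is passed to qcom_mdt_load() without a NULL check, so an allocation failure hands a NULL firmware name to the loader. The adreno_request_fw() hunk in the same patch already handles this case with `if (!newname) return ERR_PTR(-ENOMEM);`. Suggest the same treatment here: set `ret = -ENOMEM` when newname is NULL and skip the qcom_mdt_load() call, which lets the existing `if (ret) goto out;` just below the else branch take the error path. The kfree(newname) placement after the call is fine.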
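Review bot: In the legacy-location hunk of adreno_request_fw() (@@ -106,11 +111,12), the success message prints newname (`"loaded %s from legacy location\n", newname`) while the failure message directly below it prints fwname. Since newname is now a heap buffer that stays live until the `out:` label, either string is safe to log, but the two messages should name the same path; if the legacy load requests fwname, the dev_info() should print fwname as well. Separately, the new `return ERR_PTR(-ENOMEM);` right after kasprintf() is correct as a direct return because nothing has been allocated yet, and every later exit now funnels through `out:` so newname is freed exactly once.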