path: root/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c
diff options
authorGustavo A. R. Silva <>2018-03-13 11:24:11 -0500
committerBen Skeggs <>2018-05-18 15:01:20 +1000
commit7bf5b70befd7817b9e42acbd2291b2042ea1bf81 (patch)
treee1d40ed5f61beb8beef231e7695e0edd939a3f71 /drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c
parent9dfbd7319909a948146f5c3438f7bd86c2c53cb6 (diff)
drm/nouveau/secboot: remove VLA usage
In preparation to enabling -Wvla, remove VLA. In this particular case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local variable cmdline_size. Also, remove cmdline_size as it is not actually useful anymore. The use of stack Variable Length Arrays needs to be avoided, as they can be a vector for stack exhaustion, which can be both a runtime bug or a security flaw. Also, in general, as code evolves it is easy to lose track of how big a VLA can get. Thus, we can end up having runtime failures that are hard to debug. Also, fixed as part of the directive to remove all VLAs from the kernel: Signed-off-by: Gustavo A. R. Silva <> Reviewed-by: Thierry Reding <> Signed-off-by: Ben Skeggs <>
Diffstat (limited to 'drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c')
1 files changed, 3 insertions, 4 deletions
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c
index 6f10b098676c..1e1f1c635cab 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode_msgqueue.c
@@ -80,12 +80,11 @@ acr_ls_msgqueue_post_run(struct nvkm_msgqueue *queue,
struct nvkm_falcon *falcon, u32 addr_args)
struct nvkm_device *device = falcon->owner->device;
- u32 cmdline_size = NVKM_MSGQUEUE_CMDLINE_SIZE;
- u8 buf[cmdline_size];
- memset(buf, 0, cmdline_size);
+ memset(buf, 0, sizeof(buf));
nvkm_msgqueue_write_cmdline(queue, buf);
- nvkm_falcon_load_dmem(falcon, buf, addr_args, cmdline_size, 0);
+ nvkm_falcon_load_dmem(falcon, buf, addr_args, sizeof(buf), 0);
/* rearm the queue so it will wait for the init message */