[0/4] system: Forbid alloca()

Message ID	20250605193540.59874-1-philmd@linaro.org
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org> To: qemu-devel@nongnu.org Cc: qemu-ppc@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>, qemu-arm@nongnu.org, Glenn Miles <milesg@linux.ibm.com>, =?utf-8?q?Marc-And?= =?utf-8?q?r=C3=A9_Lureau?= <marcandre.lureau@redhat.com>, Peter Maydell <peter.maydell@linaro.org>, Stefan Hajnoczi <stefanha@redhat.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Daniel_P_=2E_Berrang?= =?utf-8?q?=C3=A9?= <berrange@redhat.com> Subject: [PATCH 0/4] system: Forbid alloca() Date: Thu, 5 Jun 2025 21:35:36 +0200 Message-ID: <20250605193540.59874-1-philmd@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::32b; envelope-from=philmd@linaro.org; helo=mail-wm1-x32b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
Series	system: Forbid alloca() \| expand [0/4] system: Forbid alloca() [1/4] hw/gpio/pca9552: Avoid using g_newa() [2/4] backends/tpmL Avoid using g_alloca() [3/4] tests/unit/test-char: Avoid using g_alloca() [RFC,4/4] buildsys: Prohibit alloca() use on system code

Message ID

20250605193540.59874-1-philmd@linaro.org

Headers

Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
 qemu-arm@nongnu.org, Glenn Miles <milesg@linux.ibm.com>, =?utf-8?q?Marc-And?=
	=?utf-8?q?r=C3=A9_Lureau?= <marcandre.lureau@redhat.com>,
 Peter Maydell <peter.maydell@linaro.org>,
 Stefan Hajnoczi <stefanha@redhat.com>,
 Stefan Berger <stefanb@linux.vnet.ibm.com>, =?utf-8?q?Philippe_Mathieu-Daud?=
	=?utf-8?q?=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Daniel_P_=2E_Berrang?=
	=?utf-8?q?=C3=A9?= <berrange@redhat.com>
Subject: [PATCH 0/4] system: Forbid alloca()
Date: Thu,  5 Jun 2025 21:35:36 +0200
Message-ID: <20250605193540.59874-1-philmd@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::32b;
 envelope-from=philmd@linaro.org; helo=mail-wm1-x32b.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

Series

system: Forbid alloca() | expand

Message

Philippe Mathieu-Daudé June 5, 2025, 7:35 p.m. UTC

Eradicate alloca() uses on system code, then enable
-Walloca to prevent new ones to creep back in.

Philippe Mathieu-Daudé (4):
  hw/gpio/pca9552: Avoid using g_newa()
  backends/tpmL Avoid using g_alloca()
  tests/unit/test-char: Avoid using g_alloca()
  buildsys: Prohibit alloca() use on system code

 meson.build                 | 4 ++++
 backends/tpm/tpm_emulator.c | 4 ++--
 hw/gpio/pca9552.c           | 2 +-
 tests/unit/test-char.c      | 3 +--
 4 files changed, 8 insertions(+), 5 deletions(-)

Comments

Pierrick Bouvier June 5, 2025, 8:53 p.m. UTC | #1

On 6/5/25 12:35 PM, Philippe Mathieu-Daudé wrote:
> Eradicate alloca() uses on system code, then enable
> -Walloca to prevent new ones to creep back in.
> 
> Philippe Mathieu-Daudé (4):
>    hw/gpio/pca9552: Avoid using g_newa()
>    backends/tpmL Avoid using g_alloca()
>    tests/unit/test-char: Avoid using g_alloca()
>    buildsys: Prohibit alloca() use on system code
> 
>   meson.build                 | 4 ++++
>   backends/tpm/tpm_emulator.c | 4 ++--
>   hw/gpio/pca9552.c           | 2 +-
>   tests/unit/test-char.c      | 3 +--
>   4 files changed, 8 insertions(+), 5 deletions(-)
> 

Good idea!

For the series:
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>

Peter Maydell June 6, 2025, 8:37 a.m. UTC | #2

On Thu, 5 Jun 2025 at 20:35, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> Eradicate alloca() uses on system code, then enable
> -Walloca to prevent new ones to creep back in.
>
> Philippe Mathieu-Daudé (4):
>   hw/gpio/pca9552: Avoid using g_newa()
>   backends/tpmL Avoid using g_alloca()
>   tests/unit/test-char: Avoid using g_alloca()
>   buildsys: Prohibit alloca() use on system code
>
>  meson.build                 | 4 ++++
>  backends/tpm/tpm_emulator.c | 4 ++--
>  hw/gpio/pca9552.c           | 2 +-
>  tests/unit/test-char.c      | 3 +--
>  4 files changed, 8 insertions(+), 5 deletions(-)

There is also a use of alloca() in target/ppc/kvm.c
in kvmppc_load_htab_chunk(), so I suspect that patch 4
here will break compilation on PPC hosts with KVM enabled.

thanks
-- PMM

Alex Bennée June 6, 2025, 8:44 a.m. UTC | #3

Philippe Mathieu-Daudé <philmd@linaro.org> writes:

> Eradicate alloca() uses on system code, then enable
> -Walloca to prevent new ones to creep back in.

Should we also mention it in style.rst:

  Use of the ``malloc/free/realloc/calloc/valloc/memalign/posix_memalign``
  APIs is not allowed in the QEMU codebase. Instead of these routines,

>
> Philippe Mathieu-Daudé (4):
>   hw/gpio/pca9552: Avoid using g_newa()
>   backends/tpmL Avoid using g_alloca()
>   tests/unit/test-char: Avoid using g_alloca()
>   buildsys: Prohibit alloca() use on system code
>
>  meson.build                 | 4 ++++
>  backends/tpm/tpm_emulator.c | 4 ++--
>  hw/gpio/pca9552.c           | 2 +-
>  tests/unit/test-char.c      | 3 +--
>  4 files changed, 8 insertions(+), 5 deletions(-)

Philippe Mathieu-Daudé June 6, 2025, 8:53 a.m. UTC | #4

On 6/6/25 10:37, Peter Maydell wrote:
> On Thu, 5 Jun 2025 at 20:35, Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>>
>> Eradicate alloca() uses on system code, then enable
>> -Walloca to prevent new ones to creep back in.
>>
>> Philippe Mathieu-Daudé (4):
>>    hw/gpio/pca9552: Avoid using g_newa()
>>    backends/tpmL Avoid using g_alloca()
>>    tests/unit/test-char: Avoid using g_alloca()
>>    buildsys: Prohibit alloca() use on system code
>>
>>   meson.build                 | 4 ++++
>>   backends/tpm/tpm_emulator.c | 4 ++--
>>   hw/gpio/pca9552.c           | 2 +-
>>   tests/unit/test-char.c      | 3 +--
>>   4 files changed, 8 insertions(+), 5 deletions(-)
> 
> There is also a use of alloca() in target/ppc/kvm.c
> in kvmppc_load_htab_chunk(), so I suspect that patch 4
> here will break compilation on PPC hosts with KVM enabled.

Oops sorry I missed that one :/