From: David Laight <David.Laight@ACULAB.COM>
To: 'Martin Uecker' <muecker@gwdg.de>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Vincent Mailhol <mailhol.vincent@wanadoo.fr>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
Yury Norov <yury.norov@gmail.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Kees Cook <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
Tvrtko Ursulin <tursulin@ursulin.net>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Mike Leach <mike.leach@linaro.org>,
James Clark <james.clark@linaro.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Rikard Falkeborn <rikard.falkeborn@gmail.com>,
"linux-sparse@vger.kernel.org" <linux-sparse@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"llvm@lists.linux.dev" <llvm@lists.linux.dev>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"coresight@lists.linaro.org" <coresight@lists.linaro.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: RE: [PATCH 02/10] compiler.h: add is_const() as a replacement of __is_constexpr()
Date: Sun, 8 Dec 2024 11:26:44 +0000 [thread overview]
Message-ID: <b71056c1b9e04aa383f2e5608c27290f@AcuMS.aculab.com> (raw)
In-Reply-To: <9d9567dbdaf39688bbd0d240e29dec826a5931ee.camel@gwdg.de>
From: Martin Uecker
> Sent: 07 December 2024 23:52
...
> While the compiler can not automatically prove every use
> of VLA bounded, it can reliably diagnose the cases where it
> can *not* see that it is bounded. Consider this example:
>
> void oob(int n, char p[n]);
> void f(unsigned int n)
> {
> char buf[MIN(n, 100)]; // bounded
> oob(n + 10, buf); // warning
> }
...
The kernel stack has to have enough space for the [100]
so the full amount might as well always be allocated.
The chance of 'trading off' stack usage with another function
in the same call stack that is guaranteed to use less than
its maximum is about zero.
The VLA code also adds an extra stack frame, this pretty much
pessimises everything.
This happened for 'constant' sizes from min(16, sizeof (struct))
because min() needs to be a statement function to avoid re-evaluating
its arguments.
(The version of min() that managed to return constant from constant
input just exploded in cpp, partially responsible for 18MB lines
being fed into the compiler part.)
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2024-12-08 11:27 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-02 17:33 [PATCH 00/10] compiler.h: refactor __is_constexpr() into is_const{,_true,_false}() Vincent Mailhol via B4 Relay
2024-12-02 17:33 ` [PATCH 01/10] compiler.h: add statically_false() Vincent Mailhol via B4 Relay
2024-12-04 18:30 ` David Laight
2024-12-05 15:25 ` Vincent Mailhol
2024-12-06 3:39 ` David Laight
2024-12-06 4:42 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 02/10] compiler.h: add is_const() as a replacement of __is_constexpr() Vincent Mailhol via B4 Relay
2024-12-04 18:39 ` David Laight
2024-12-04 21:20 ` Yury Norov
2024-12-05 15:31 ` Vincent Mailhol
2024-12-06 2:25 ` David Laight
2024-12-06 6:14 ` Linus Torvalds
2024-12-06 7:19 ` Vincent Mailhol
2024-12-06 8:49 ` Vincent Mailhol
2024-12-06 8:29 ` Martin Uecker
2024-12-06 18:30 ` Vincent Mailhol
2024-12-06 18:52 ` Linus Torvalds
2024-12-06 19:02 ` Linus Torvalds
2024-12-06 19:06 ` David Laight
2024-12-06 19:15 ` Linus Torvalds
2024-12-06 19:38 ` Willy Tarreau
2024-12-06 19:43 ` David Laight
2024-12-06 19:38 ` David Laight
2024-12-06 20:23 ` David Laight
2024-12-07 7:42 ` Vincent Mailhol
2024-12-07 11:19 ` David Laight
2024-12-07 12:24 ` Vincent Mailhol
2024-12-07 18:19 ` Linus Torvalds
2024-12-07 19:51 ` Martin Uecker
2024-12-07 20:31 ` Linus Torvalds
2024-12-07 20:54 ` David Laight
2024-12-07 21:00 ` David Laight
2024-12-07 21:06 ` Martin Uecker
2024-12-07 21:45 ` David Laight
2024-12-09 9:59 ` Rasmus Villemoes
2024-12-06 6:40 ` Martin Uecker
2024-12-06 7:26 ` Vincent Mailhol
2024-12-07 8:39 ` Martin Uecker
2024-12-07 10:33 ` David Laight
2024-12-07 13:07 ` Martin Uecker
2024-12-07 18:26 ` Linus Torvalds
2024-12-07 19:19 ` Martin Uecker
2024-12-07 20:28 ` Linus Torvalds
2024-12-07 23:52 ` Martin Uecker
2024-12-08 1:58 ` Linus Torvalds
2024-12-08 9:18 ` Martin Uecker
2024-12-08 11:26 ` David Laight [this message]
2024-12-08 12:38 ` Martin Uecker
2024-12-08 16:48 ` David Laight
2024-12-08 18:10 ` Martin Uecker
2024-12-08 19:05 ` Linus Torvalds
2024-12-07 12:45 ` Vincent Mailhol
2024-12-07 13:18 ` Martin Uecker
2024-12-07 13:50 ` Vincent Mailhol
2024-12-07 14:59 ` Martin Uecker
2024-12-07 15:10 ` Martin Uecker
2024-12-07 15:23 ` Vincent Mailhol
2024-12-07 18:07 ` David Laight
2024-12-06 9:34 ` David Laight
2024-12-02 17:33 ` [PATCH 03/10] compiler.h: add is_const_true() and is_const_false() Vincent Mailhol via B4 Relay
2024-12-04 18:48 ` David Laight
2024-12-05 15:48 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 04/10] linux/bits.h: simplify GENMASK_INPUT_CHECK() by using is_const_true() Vincent Mailhol via B4 Relay
2024-12-04 18:52 ` David Laight
2024-12-05 15:49 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 05/10] minmax: simplify __clamp_once() by using is_const_false() Vincent Mailhol via B4 Relay
2024-12-04 18:54 ` David Laight
2024-12-05 15:52 ` Vincent Mailhol
2024-12-09 12:32 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 06/10] fortify: replace __is_constexpr() by is_const() in strlen() Vincent Mailhol via B4 Relay
2024-12-04 18:58 ` David Laight
2024-12-05 15:53 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 07/10] overflow: replace __is_constexpr() by is_const() Vincent Mailhol via B4 Relay
2024-12-02 17:33 ` [PATCH 08/10] drm/i915/reg: replace __is_const_expr() by is_const_true() or is_const() Vincent Mailhol via B4 Relay
2024-12-04 19:00 ` David Laight
2024-12-05 15:56 ` Vincent Mailhol
2024-12-02 17:33 ` [PATCH 09/10] coresight: etm4x: replace __is_const_expr() by is_const() Vincent Mailhol via B4 Relay
2024-12-02 17:33 ` [PATCH 10/10] compiler.h: remove __is_constexpr() Vincent Mailhol via B4 Relay
2024-12-04 23:58 ` [PATCH 00/10] compiler.h: refactor __is_constexpr() into is_const{,_true,_false}() Kees Cook
2024-12-05 15:21 ` Vincent Mailhol
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b71056c1b9e04aa383f2e5608c27290f@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=airlied@gmail.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=coresight@lists.linaro.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavoars@kernel.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=james.clark@linaro.org \
--cc=jani.nikula@linux.intel.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=justinstitt@google.com \
--cc=kees@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=llvm@lists.linux.dev \
--cc=luc.vanoostenryck@gmail.com \
--cc=mailhol.vincent@wanadoo.fr \
--cc=mike.leach@linaro.org \
--cc=morbo@google.com \
--cc=muecker@gwdg.de \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=rikard.falkeborn@gmail.com \
--cc=rodrigo.vivi@intel.com \
--cc=simona@ffwll.ch \
--cc=suzuki.poulose@arm.com \
--cc=torvalds@linux-foundation.org \
--cc=tursulin@ursulin.net \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox