From: David Laight <David.Laight@ACULAB.COM>
To: 'Linus Torvalds' <torvalds@linux-foundation.org>,
Florian Weimer <fweimer@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Randy Dunlap <rdunlap@infradead.org>,
Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
Ingo Molnar <mingo@kernel.org>, Ian Abbott <abbotti@mev.co.uk>,
linux-input <linux-input@vger.kernel.org>,
linux-btrfs <linux-btrfs@vger.kernel.org>,
Network Development <netdev@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: RE: [PATCH v5 0/2] Remove false-positive VLAs when using max()
Date: Fri, 16 Mar 2018 17:44:52 +0000 [thread overview]
Message-ID: <a37f7b0da04f4ede9fac2c88f7079a8a@AcuMS.aculab.com> (raw)
In-Reply-To: <CA+55aFx92dXg-qnrjGS2Rsna6TE5HSPBgGpSA3cv4n_n3RqBzA@mail.gmail.com>
From: Linus Torvalds
> Sent: 16 March 2018 17:29
> On Fri, Mar 16, 2018 at 4:47 AM, Florian Weimer <fweimer@redhat.com> wrote:
> >
> > If you want to catch stack frames which have unbounded size,
> > -Werror=stack-usage=1000 or -Werror=vla-larger-than=1000 (with the constant
> > adjusted as needed) might be the better approach.
>
> No, we want to catch *variable* stack sizes.
>
> Does "-Werror=vla-larger-than=0" perhaps work for that? No, because
> the stupid compiler says that is "meaningless".
>
> And no, using "-Werror=vla-larger-than=1" doesn't work either, because
> the moronic compiler continues to think that "vla" is about the
> _type_, not the code:
>
> t.c: In function ‘test’:
> t.c:6:6: error: argument to variable-length array is too large
> [-Werror=vla-larger-than=]
> int array[(1,100)];
>
> Gcc people are crazy.
>
> Is there really no way to just say "shut up about the stupid _syntax_
> issue that is entirely irrelevant, and give us the _code_ issue".
I looked at the generated code for one of the constant sized VLA that
the compiler barfed at.
It seemed to subtract constants from %sp separately for the VLA.
So it looks like the compiler treats them as VLA even though it
knows the size.
That is probably missing optimisation.
David
next prev parent reply other threads:[~2018-03-16 17:44 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-16 4:25 [PATCH v5 0/2] Remove false-positive VLAs when using max() Kees Cook
2018-03-16 4:25 ` [PATCH v5 1/2] kernel.h: Introduce const_max_t() for VLA removal Kees Cook
2018-03-16 4:25 ` [PATCH v5 2/2] Remove false-positive VLAs when using max() Kees Cook
2018-03-19 10:45 ` Andrey Ryabinin
2018-03-16 11:47 ` [PATCH v5 0/2] " Florian Weimer
2018-03-16 17:29 ` Linus Torvalds
2018-03-16 17:32 ` Florian Weimer
2018-03-16 17:44 ` David Laight [this message]
2018-03-16 20:25 ` Linus Torvalds
2018-03-16 17:55 ` Al Viro
2018-03-16 18:14 ` Al Viro
2018-03-16 19:27 ` Linus Torvalds
2018-03-16 20:03 ` Miguel Ojeda
2018-03-16 20:14 ` Linus Torvalds
2018-03-16 20:19 ` Linus Torvalds
2018-03-17 0:48 ` Miguel Ojeda
2018-03-17 1:49 ` Miguel Ojeda
2018-03-16 20:12 ` Al Viro
2018-03-16 20:15 ` Linus Torvalds
2018-03-16 20:18 ` Al Viro
2018-03-17 7:27 ` Kees Cook
2018-03-17 18:52 ` Linus Torvalds
2018-03-17 20:07 ` Kees Cook
2018-03-17 22:55 ` Josh Poimboeuf
2018-03-20 23:23 ` Linus Torvalds
2018-03-20 23:26 ` Linus Torvalds
2018-03-21 0:05 ` Al Viro
2018-03-22 15:01 ` Kees Cook
2018-03-22 15:13 ` David Laight
2018-03-22 17:04 ` Linus Torvalds
2018-03-18 21:13 ` Rasmus Villemoes
2018-03-18 21:33 ` Linus Torvalds
2018-03-18 22:59 ` Rasmus Villemoes
2018-03-18 23:36 ` Linus Torvalds
2018-03-19 9:43 ` David Laight
2018-03-19 23:29 ` Linus Torvalds
2018-03-20 3:10 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a37f7b0da04f4ede9fac2c88f7079a8a@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=abbotti@mev.co.uk \
--cc=akpm@linux-foundation.org \
--cc=fweimer@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rdunlap@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).