public inbox for linux-kernel@vger.kernel.org
From: David Brown <david.brown@linaro.org>
To: Laura Abbott <labbott@redhat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Juergen Gross <jgross@suse.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	x86@kernel.org, xen-devel@lists.xenproject.org,
	linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] x86/xen: Remove use of VLAs
Date: Fri, 13 Apr 2018 20:55:53 -0600
Message-ID: <20180414025553.GA32653@davidb.org>
In-Reply-To: <20180413221146.28476-1-labbott@redhat.com>

On Fri, Apr 13, 2018 at 03:11:46PM -0700, Laura Abbott wrote:

>There's an ongoing effort to remove VLAs[1] from the kernel to eventually
>turn on -Wvla. The few VLAs in use have an upper bound based on a size
>of 64K. This doesn't produce an excessively large stack so just switch
>the upper bound.
>
>[1] https://lkml.org/lkml/2018/3/7/621

This comment is more in regards to many of these patches, and not as
much this one specifically.

How confident are we in the upper bounds we're setting, and how
obvious is it in the resulting code so that something does later
change to overflow these bounds?

The danger here is that we're converting something a little easier to
detect (a stack overflow), with something harder to detect
(overflowing an array on the stack).

I guess the question is twofold: how did you determine that 64K was
the largest 'size' value, and how should reviewers verify this as
well.  Perhaps this should at least be in the commit text so someone
tracking down something with this code can find it later.

David
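
Added example (not part of this thread or of the patch): one way to make the fixed upper bound that replaces a VLA both visible in the code and enforced at run time, so an oversized request is rejected instead of overflowing the on-stack array. The names ex_load_frames, EX_MAX_SIZE and EX_MAX_FRAMES, and the 4096-byte page size, are assumptions for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define EX_PAGE_SIZE  4096UL           /* assumed page size */
#define EX_MAX_SIZE   (64UL * 1024)    /* the 64K bound named in the patch description */
#define EX_MAX_FRAMES ((EX_MAX_SIZE + EX_PAGE_SIZE - 1) / EX_PAGE_SIZE)

/*
 * Build-time record of the stack cost. If EX_MAX_SIZE is ever raised,
 * the build fails here and the bound has to be re-justified.
 * (Kernel code would use BUILD_BUG_ON for the same purpose.)
 */
_Static_assert(EX_MAX_FRAMES * sizeof(unsigned long) <= 256,
               "frames[] would use too much stack");

/*
 * Hypothetical helper: compute one frame number per page covering
 * [base, base + size). Returns the page count, or -EINVAL when size
 * is zero or exceeds the bound the array was sized for.
 */
long ex_load_frames(unsigned long base, size_t size, unsigned long *last_frame)
{
    unsigned long frames[EX_MAX_FRAMES];   /* was: frames[pages] (a VLA) */
    size_t pages, i;

    /* Run-time guard: without it, a larger size writes past frames[]. */
    if (size == 0 || size > EX_MAX_SIZE)
        return -EINVAL;

    pages = (size + EX_PAGE_SIZE - 1) / EX_PAGE_SIZE;
    for (i = 0; i < pages; i++)
        frames[i] = base / EX_PAGE_SIZE + i;

    if (last_frame)
        *last_frame = frames[pages - 1];
    return (long)pages;
}

int main(void)
{
    unsigned long last = 0;

    /* Constructed inputs: one at the bound, one a single byte over it. */
    printf("at bound:   %ld\n", ex_load_frames(0x10000, EX_MAX_SIZE, &last));
    printf("over bound: %ld\n", ex_load_frames(0x10000, EX_MAX_SIZE + 1, NULL));
    return 0;
}
```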
