From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] should we try to stop using variable length arrays?
Date: Thu, 7 Feb 2019 22:56:58 +0100 [thread overview]
Message-ID: <a8cd7b35-b473-4197-be03-8a41cf8cdd7f@redhat.com> (raw)
In-Reply-To: <CAFEAcA88+A2oCkQnxKDEdpmfCZSmPzWMBg01wDDV68bMZoY5Jg@mail.gmail.com>
On 2/7/19 8:30 PM, Peter Maydell wrote:
> Currently QEMU has 9 uses of variable length arrays
> (found using -Wvla):
>
> hw/block/dataplane/virtio-blk.c:62:25: warning: variable length array
> used [-Wvla]
> unsigned long bitmap[BITS_TO_LONGS(nvqs)];
> ^
> hw/i386/multiboot.c:364:18: warning: variable length array used [-Wvla]
> char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
> ^
> hw/i386/xen/xen-hvm.c:618:25: warning: variable length array used [-Wvla]
> unsigned long bitmap[DIV_ROUND_UP(npages, width)];
> ^
> hw/intc/xics.c:604:18: warning: variable length array used [-Wvla]
> uint8_t flags[ics->nr_irqs];
> ^
> hw/net/fsl_etsec/rings.c:383:18: warning: variable length array used [-Wvla]
> uint8_t padd[etsec->rx_padding];
> ^
> hw/ppc/pnv.c:130:26: warning: variable length array used [-Wvla]
> uint32_t servers_prop[smt_threads];
> ^
> hw/ppc/spapr.c:162:26: warning: variable length array used [-Wvla]
> uint32_t servers_prop[smt_threads];
> ^
> hw/ppc/spapr.c:163:27: warning: variable length array used [-Wvla]
> uint32_t gservers_prop[smt_threads * 2];
> ^
> linux-user/syscall.c:3478:23: warning: variable length array used [-Wvla]
> struct sembuf sops[nsops];
> ^
>
> Should we be looking to get rid of these and turn on the -Wvla
> warning? I know the Linux kernel has recently decided to do this
Yes please!
> (some rationale at the start of https://lwn.net/Articles/749064/).
> Now that doesn't necessarily apply to us as a userspace program,
> but on the other hand if any of these were allowing the guest to
> determine the size of an on-stack array that would not be great.
> (The linux-user one is bogus in that way, though not a security issue
> as the guest code there has full control anyway.)
The manpage says "[The semaphore] limit should not be raised above 1000".
>
> Opinions? I admit that to some extent this is just my sense of
> tidiness thinking that if we only have a handful of uses of
> something we should squash that down to zero :-)
None of these case have strong justification to use the stack rather
than the heap (and the rest of the codebase heavily uses the heap).
>
> thanks
> -- PMM
>
next prev parent reply other threads:[~2019-02-07 21:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-07 19:30 [Qemu-devel] should we try to stop using variable length arrays? Peter Maydell
2019-02-07 19:39 ` Eric Blake
2019-02-07 20:28 ` Eric Blake
2019-02-07 21:56 ` Philippe Mathieu-Daudé [this message]
2019-02-11 3:26 ` Stefan Hajnoczi
2019-02-11 10:58 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a8cd7b35-b473-4197-be03-8a41cf8cdd7f@redhat.com \
--to=philmd@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).