Subject: Re: [PATCH v5 0/2] Remove false-positive VLAs when using max()
From: Florian Weimer
To: Kees Cook, Andrew Morton
Cc: Linus Torvalds, Josh Poimboeuf, Rasmus Villemoes, Randy Dunlap, Miguel Ojeda, Ingo Molnar, David Laight, Ian Abbott, linux-input@vger.kernel.org, linux-btrfs@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Date: Fri, 16 Mar 2018 12:47:58 +0100
In-Reply-To: <1521174359-46392-1-git-send-email-keescook@chromium.org>

On 03/16/2018 05:25 AM, Kees Cook wrote:
> In the effort to remove all VLAs from the kernel[1], it is desirable to
> build with -Wvla. However, this warning is overly pessimistic, in that
> it is only happy with stack array sizes that are declared as constant
> expressions, and not constant values. One case of this is the evaluation
> of the max() macro which, due to its construction, ends up converting
> constant expression arguments into a constant value result. Attempts
> to adjust the behavior of max() ran afoul of version-dependent compiler
> behavior[2].

I find this commit message confusing. VLAs have precisely defined
semantics which differ from other arrays, and these differences can be
observable (maybe not in the kernel, but certainly for userspace), so
the compiler has to treat a VLA as such even if the length is a constant
known at compile time. (The original intent of the warning probably was
a portability check anyway.)

If you want to catch stack frames which have unbounded size,
-Werror=stack-usage=1000 or -Werror=vla-larger-than=1000 (with the
constant adjusted as needed) might be the better approach.

Thanks,
Florian
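The distinction at issue in this exchange, between an array bound that is an integer constant expression and one that merely has a constant value, as an added C example that is not part of the thread or the kernel tree. `IS_ICE`, `max_stmt` and `max_ice` are hypothetical names, and `max_stmt` is an assumed, simplified form of a statement-expression max(); GCC or Clang in their default GNU mode is assumed.

```c
#include <stddef.h>

/* Hypothetical helper: 1 if x is an integer constant expression (ICE),
 * else 0. An ICE equal to 0 cast to void * is a null pointer constant,
 * so the conditional has type int *; otherwise its type is void *. */
#define IS_ICE(x) _Generic((1 ? (void *)((x) * 0l) : (int *)0), \
                           int *: 1, void *: 0)

/* Assumed, simplified shape of a type-checking max(): a GNU statement
 * expression. For constant arguments its value is constant, but the
 * expression itself is not an integer constant expression. */
#define max_stmt(a, b) ({ __typeof__(a) _a = (a); \
                          __typeof__(b) _b = (b); \
                          _a > _b ? _a : _b; })

/* Plain ternary: stays an integer constant expression. */
#define max_ice(a, b) ((a) > (b) ? (a) : (b))

/* Classify candidate array bounds the way the language rules do. */
int bound_is_ice_literal(void)  { return IS_ICE(8); }
int bound_is_ice_ternary(void)  { return IS_ICE(max_ice(4, 8)); }
int bound_is_ice_stmt(void)     { return IS_ICE(max_stmt(4, 8)); }
int bound_is_ice_variable(void) { int n = 8; return IS_ICE(n); }

/* Both arrays hold 8 bytes, but only fixed[] is an ordinary array.
 * vla[] is a variable length array because its bound is not an ICE:
 * -Wvla reports it, and it cannot take an initializer such as = {0}
 * (before C23), which is one of the differences in semantics. */
size_t both_arrays_size(void)
{
    char fixed[max_ice(4, 8)];
    char vla[max_stmt(4, 8)];

    fixed[0] = vla[0] = 0;
    return sizeof(fixed) == sizeof(vla) ? sizeof(vla) : 0;
}
```

Compiling this file with `gcc -Wvla` flags only the `vla[]` declaration, while `-Wvla-larger-than=` and `-Wstack-usage=` key on size rather than on whether the bound is a constant expression.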