Received: by 10.192.165.156 with SMTP id m28csp1379154imm;
        Fri, 13 Apr 2018 19:57:18 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49w+lbN1UAryOmRNtMn/Xw5hCPad2ECqPj49s3Q09EB3PBKZgGQ1C8xFf/ZRoCl8ifoF6TG
X-Received: by 10.101.98.90 with SMTP id q26mr6085312pgv.113.1523674638683;
        Fri, 13 Apr 2018 19:57:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523674638; cv=none;
        d=google.com; s=arc-20160816;
        b=AocTI2FaZaxhJItgEoVjEt7tOVsO64X1knYtONEHegvI9iXekV8DadOF0HiPB35ico
         CKZY4pPp4FYnf6N9kP1aX4yai0UUYFdT51JLP6J8xzPpByUEGIh8LT3LNjmgp1hDjGi9
         RXMbG70lBtSZgjxyFyqyc5Zf+VlFmih4oBh/JhSC3H/FXFY62RTE/r89fq1MdIBi51yG
         iNlqtIbZEjaB9UWbJKUNX49PhAkO070hmFl9/zleZNnTaPC+ulT5SQ2aogn+kToulCAC
         6eM4uUKZXLwCIHOJ+MuGHwOJZHqhaNaFxVvPo3fkV8a5tgxbBsXI3jIXXOo5vQXA4eVw
         rUjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=Oz2L2EkJCb6CHuS1AW9VgzWufS7vk27m/s6PdWkp+cs=;
        b=m/fQLTQsnPezrqiS1b1vK1SyaOF2P+DvQPRNg//5XvAPkDAwfLajFFMGVQiFojCJIG
         zZvQIKtPsLsKdd1MAk/jJZQ2Ti8l9Do0ldtFUtvfc9QKGN+mi5n7WgsHqpifHyTeubl3
         x0eXl5qV6zhrzaYf+gACPEn5pd4mywY4tbPLVlp7tF2eXElB8WiXyCRfzeX1DIoKNReh
         OlNHhO2UEiLLcFXXm8oQN7n1OnEIFcK0FX4uA1FeanWj+nqImVri0r5J9jJX2g9hITkJ
         Jd4WeR/bJ/hRNGlwrmtUoKZiZy0Qw/W/3IUVmrQjF3NkAC+uNGyapzT99Llmckkur2yF
         qX9w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=j+LS4Ssw;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x190si5392453pgx.378.2018.04.13.19.57.04;
        Fri, 13 Apr 2018 19:57:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=j+LS4Ssw;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751148AbeDNCz6 (ORCPT <rfc822;mahoosoft4you@gmail.com>
        + 99 others); Fri, 13 Apr 2018 22:55:58 -0400
Received: from mail-io0-f182.google.com ([209.85.223.182]:46086 "EHLO
        mail-io0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750867AbeDNCz5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Apr 2018 22:55:57 -0400
Received: by mail-io0-f182.google.com with SMTP id t13so4798336ioc.13
        for <linux-kernel@vger.kernel.org>; Fri, 13 Apr 2018 19:55:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=Oz2L2EkJCb6CHuS1AW9VgzWufS7vk27m/s6PdWkp+cs=;
        b=j+LS4SswrarDwi4T+wWLx9PwjQM7qRsep7N6cuihUE2pGTWmj0MkREPFCRNk7se8i3
         bVEENt1Z8bdUf5vkrRJpa2fNHiNIjsQR7cgWzW6TImyKLx63Enkf6RAHeqmuppBEtBzA
         h+jKg0liXsJ9AntaZLyJ/OHSQI9GFBmnSCrfs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=Oz2L2EkJCb6CHuS1AW9VgzWufS7vk27m/s6PdWkp+cs=;
        b=ds9NNbBr1sgTLAbRJDHHV0pQmfMH1LMwEyCizm8LS/8w3HHBuAYhixSQuXQ81J4z0n
         lYBrCg9VdqOgQvMcJzRu4jcjQjCssilKmGszOUj8w+WW2sc9df+u4uiecfbyaNVLCWNh
         IadxK14fRWcWJvbdZgnyYpMCYiJPIS1F8/TOSGmqjcWs1QfmxI7Z2ukJgczXq2Z+FuDV
         ZKLD382gcjD1X+R+F+90MyuN5vQOFH8DK8K0V12nonTvjghO365ozw+ENpxv1nLEFX7y
         smHmyukWa9p1WquMXpIJpkRtX6cgDqMim4rLTpfp0bAqYP/8QPgu0pXyzTAFAIAfsROw
         NROQ==
X-Gm-Message-State: ALQs6tBxq/gT/JdIAm/UW8oGTxOXWMuHBQT3DEKUUP7rjYbqcfYbFiGs
        PEpzfyrY0T3zLhvdWwdOQYQhUA==
X-Received: by 10.107.128.156 with SMTP id k28mr15654888ioi.253.1523674556453;
        Fri, 13 Apr 2018 19:55:56 -0700 (PDT)
Received: from davidb.org ([2601:283:4300:afc2:b0f2:2fff:fe58:439])
        by smtp.gmail.com with ESMTPSA id f11-v6sm1825561itf.42.2018.04.13.19.55.54
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 13 Apr 2018 19:55:55 -0700 (PDT)
Date:   Fri, 13 Apr 2018 20:55:53 -0600
From:   David Brown <david.brown@linaro.org>
To:     Laura Abbott <labbott@redhat.com>
Cc:     Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Juergen Gross <jgross@suse.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org,
        xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
        kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] x86/xen: Remove use of VLAs
Message-ID: <20180414025553.GA32653@davidb.org>
References: <20180413221146.28476-1-labbott@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <20180413221146.28476-1-labbott@redhat.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 13, 2018 at 03:11:46PM -0700, Laura Abbott wrote:

>There's an ongoing effort to remove VLAs[1] from the kernel to eventually
>turn on -Wvla. The few VLAs in use have an upper bound based on a size
>of 64K. This doesn't produce an excessively large stack so just switch
>the upper bound.
>
>[1] https://lkml.org/lkml/2018/3/7/621

This comment is more in regards to many of these patches, and not as
much this one specifically.

How confident are we in the upper bounds we're setting, and how
obvious is it in the resulting code so that something does later
change to overflow these bounds.

The danger here is that we're converting something a little easier to
detect (a stack overflow), with something harder to detect
(overflowing an array on the stack).

I guess the question is twofold: how did you determine that 64K was
the largest 'size' value, and how should reviewers verify this as
well.  Perhaps this should at least be in the commit text so someone
tracking down something with this code can find it later.

David