Received: by 10.192.165.156 with SMTP id m28csp1407514imm; Fri, 13 Apr 2018 20:48:16 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+loKC8uaK+grXVSWGKbSzW840cBc4wwo+WMiilNt/hgjni/kBD8YxnOVCtl38K1IUHxlax X-Received: by 2002:a17:902:a514:: with SMTP id s20-v6mr7411361plq.272.1523677696893; Fri, 13 Apr 2018 20:48:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523677696; cv=none; d=google.com; s=arc-20160816; b=QrFk3R0mQ0P2ON7GiiqLGORKm4ohaZZQpBG+lDMk0z9vP6ZFQzaWBL4Qd676YeebJG Ee6n0hjvzppSXFfhOOSBt4J6iK69I+RsDYoJfXwalsV6xfAnQqI5QsiS66wXh4DltVVf zaqGIHy0xMG8PFoZ34F7OydQU0xRzw35PSRhY19x3jPYchQZqJ9QBz3MmYKwaVLghHP7 s3h05DfBkTRPDTvx6+hm4d3FeLbWpTZP1dCZllD4Evs69DK4JlIYJDWe0uhrXALoSInB UgsFWCwWJnA/vbIEGmhzyFFba2/8OC+nE1NXxycXBtHS+rPIRpjNHiL9NHeStqt4gCsA yGXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=Q9uiRdY7PzR/bkvH2eQPNQiaotHpuXnSN0Rjl7ERD04=; b=ITCuXAcyTusLf7T1rGOMGdI2juJ6LvO2ywpGPgFVzD20oJPra291x8rCYxNwCoV9IY Ol4WRAGmmj4Yc7hGgsxz6ChXlw1FgC5drXx6PfMdcLqLTsGSvD5nmkk8hFFtjvFTlLBx xMc4IwEJC8Hb2ICX3tT/iujjBcZwAuEBHJUbZEiXFUTmoEeu9WxqjTXsMyL8nwJ3IPjB z/POCKhwARXJ52WejQSL/3kiEq2vCrz/MalDf4Z8FQvgX/68zeMmqnpjZWwj/gKEBeSp TUN4RC/8C9TIExFTP9vXnSf7loOCJt4BF/xZrKBRE6cV2XuwkB93Q5LSLKGZCvwUaDIh YKUA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t1si5235322pgp.498.2018.04.13.20.47.04; Fri, 13 Apr 2018 20:48:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751875AbeDNDnG (ORCPT + 99 others); Fri, 13 Apr 2018 23:43:06 -0400 Received: from mail-pf0-f173.google.com ([209.85.192.173]:40326 "EHLO mail-pf0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750867AbeDNDnF (ORCPT ); Fri, 13 Apr 2018 23:43:05 -0400 Received: by mail-pf0-f173.google.com with SMTP id y66so7454155pfi.7 for ; Fri, 13 Apr 2018 20:43:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Q9uiRdY7PzR/bkvH2eQPNQiaotHpuXnSN0Rjl7ERD04=; b=rnx8/iB6qbvUCv9aTDF5Vx4p+SQjpD5y/z3O780gtPnWl9xPXBXrJ4d1jVHZnmKS3g OtIlSOEw8pRuIa+htyRkUhs5X4s/2VGH/OGzWPVrxLcIzQuJTwzYpBiZ47UO6RRjTsqO 1pIs+Sjb3MB7ORehJd5ndYLD2NRiHmSFPootZ8hhAzrc5qTSFenQGD+JavTrLFtqjUGu fLcoE8w4gHcVzcMZYJ8TcZE0MY7Fp2kiAuEBuqEhCeu0Gy7ErmsmSKTiEwqln8fZ2jw/ 3zb+JXhQ21yc9HkVYaSf//xDaHAg/srqkkFUHw541nf2NAJqTxC+AlL1IDAxsW1Q1aXj FQVA== X-Gm-Message-State: ALQs6tDHdIYeXMgbUIueKi+EAz0egdFlngtfQVnMs8vFtpl8eN1h5zxA PDqNbtK3m76OSbuqsWhi3Em4G/gf0UI= X-Received: by 10.99.173.67 with SMTP id y3mr6210317pgo.109.1523677384977; Fri, 13 Apr 2018 20:43:04 -0700 (PDT) Received: from localhost.localdomain ([2601:602:9802:a8dc::4dc5]) by smtp.gmail.com with ESMTPSA id k24sm14759459pfj.32.2018.04.13.20.43.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Apr 2018 20:43:03 -0700 (PDT) Subject: Re: [PATCH] x86/xen: Remove use of VLAs To: David Brown Cc: Boris Ostrovsky , Juergen Gross , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com References: <20180413221146.28476-1-labbott@redhat.com> <20180414025553.GA32653@davidb.org> From: Laura Abbott Message-ID: <18e8c47d-55f7-795a-053a-f667650b43b7@redhat.com> Date: Fri, 13 Apr 2018 20:43:02 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180414025553.GA32653@davidb.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/13/2018 07:55 PM, David Brown wrote: > On Fri, Apr 13, 2018 at 03:11:46PM -0700, Laura Abbott wrote: > >> There's an ongoing effort to remove VLAs[1] from the kernel to eventually >> turn on -Wvla. The few VLAs in use have an upper bound based on a size >> of 64K. This doesn't produce an excessively large stack so just switch >> the upper bound. >> >> [1] https://lkml.org/lkml/2018/3/7/621 > > This comment is more in regards to many of these patches, and not as > much this one specifically. > > How confident are we in the upper bounds we're setting, and how > obvious is it in the resulting code so that something does later > change to overflow these bounds. > > The danger here is that we're converting something a little easier to > detect (a stack overflow), with something harder to detect > (overflowing an array on the stack). > Several people have remarked on that and the solution has been to put in some kind of WARN and/or error check to make it obvious something needs to be adjusted. > I guess the question is twofold: how did you determine that 64K was > the largest 'size' value, and how should reviewers verify this as > well.  Perhaps this should at least be in the commit text so someone > tracking down something with this code can find it later. > It's not in the patch context but there's a large comment below: /* * A GDT can be up to 64k in size, which corresponds to 8192 * 8-byte entries, or 16 4k pages.. */ BUG_ON(size > 65536); Given the frames was calculated based off the size, that seemed sufficient. > David Thanks, Laura