Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1967901imm; Mon, 3 Sep 2018 14:31:31 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZKZ55deVjvh7TqwFH/IYuPYd1QcMBTPzI8VKRcHjy3dLA8OvKIdvQ/miQOnKB+K5BI/azF X-Received: by 2002:a62:2983:: with SMTP id p125-v6mr31243297pfp.128.1536010291433; Mon, 03 Sep 2018 14:31:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536010291; cv=none; d=google.com; s=arc-20160816; b=Lpn9znfuChSROr8SH0MuMoMP0fLIWZjoc/vSLcMXF6aWJLTSSL1Gk+ZDXY/goGW74y q04VHx+ZBel+0f6XKnzra2vq/My5fHxl136CxaNnZTqvJYpfxffRw/2IuMP4xtEhmWnt d3kGUST3Us4EWxtBZhBUqbLcg9lytJUVEkkVH8b1Lj3YkBfkXpNVFWuWXM1tQNsAHn7g G9C8NTlFu03+KXpSOX0vN0mZnbePAySz67cfjv+sFG5Xb4m+BRXGnPzL39Yzeo8gI2ZL 24yNaNcXCfSytanoy79poXk1+Obtp4lT8HxQtXt8cGBNl5UiDU9wVqPbby4kGi98fuVx BtcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=GYanFnXJm+hkRSURtE8QmXyNMWyfrMyvK4YNHxVBaXg=; b=SQCR21ARfb+YwhaSTaYjUjXwV4+9V5jw5D+GTWcy2Vh5NY3LK+31FUvlGyPPx8IAHK QUg/dZdHHqjbSCSDIwi4fZfoJ1fouuMbDNYXdkaZO77AjN7jzB9LECRKq6MzG9fWVR/w BUAQZ4gfu4pxL5NanhPq9449P+Vla5diLL1bpUek9ZP5PSQ954E1oHIqaUhfVsT2xZxf LbraI0TbzZuk9J5iBeoqcKzpLbCfaQNNK7oXWT8mAZ07nnfrvCcw1KS1k3WY/SQZpFmm XZaQJQq5U5mtvgg4ucFXQioralfbYPGAw6Ge7jSGxOSsr1udfQ1f4eKG4bxQ/jbTtAfi P5Fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="dH8G/FPu"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s136-v6si20173873pfs.255.2018.09.03.14.31.01; Mon, 03 Sep 2018 14:31:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b="dH8G/FPu"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727212AbeIDBvN (ORCPT + 99 others); Mon, 3 Sep 2018 21:51:13 -0400 Received: from mail-it0-f45.google.com ([209.85.214.45]:52075 "EHLO mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726196AbeIDBvN (ORCPT ); Mon, 3 Sep 2018 21:51:13 -0400 Received: by mail-it0-f45.google.com with SMTP id e14-v6so2500779itf.1 for ; Mon, 03 Sep 2018 14:29:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GYanFnXJm+hkRSURtE8QmXyNMWyfrMyvK4YNHxVBaXg=; b=dH8G/FPuBZBxGz1oxquQZKZ7M4hnm+nKuKW/iVu/oTe5wqrkKUK2m5j7xJJsn6PJYm anU5fYAC0Zy9xqD0c/VASAPWpk5dtkwkzdw9A3bKoayZa8WxRWMK/5qdm5yKWMl1saNU K171gX5D72ZcH0B1nCFUsgAwbqTFs9dDO4Elc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GYanFnXJm+hkRSURtE8QmXyNMWyfrMyvK4YNHxVBaXg=; b=GAiEgYrOO0OCSL0ajS/MyOkIVtVCyivgaDUEAPqYBiRtuwrBq1uFse5gImdPIElbQs cMmnN4aZdsy73498SGPrp9+Q9dRDHRXm6AxuOycVxdVXFJXSmUsxJU9HgBHVPQmXyuLp PXy3T6RMdPWmm+PcuzepuXku90C2YqB0TYcS9iAeUNSzIMIrygN3x+jHiLxyvf42lA2V Ly6euYcdxOMxfUAQyR0XytD4mwq4x+jkXPQZkwM3ydgnQ3xGTfOk+j5up+qawW0EMEXi ZAvoX62N+jmdF1WSYtHQfzCIxVOq/DXhqWa/f0o5pEKMUxwojWGmoILeF+UGMk53kKct 2PrQ== X-Gm-Message-State: APzg51DYSGBX//J9B1O/ln9GkKwWGbQPQSz62UJNdqNHYU5BsjW+yRK2 esG+ZEf3LXwu56RMzBYtY5x204796+DglBOTVM4= X-Received: by 2002:a02:2b12:: with SMTP id h18-v6mr21069629jaa.10.1536010150184; Mon, 03 Sep 2018 14:29:10 -0700 (PDT) MIME-Version: 1.0 References: <1535875700.17858.3.camel@med.uni-goettingen.de> <1535960372.32005.1.camel@med.uni-goettingen.de> In-Reply-To: <1535960372.32005.1.camel@med.uni-goettingen.de> From: Linus Torvalds Date: Mon, 3 Sep 2018 14:28:59 -0700 Message-ID: Subject: Re: VLAs and security To: "Uecker, Martin" Cc: Kees Cook , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Sep 3, 2018 at 12:40 AM Uecker, Martin wrote: > > But if the true bound is smaller, then IMHO it is really bad advise > to tell programmers to use > > char buf[MAX_SIZE] > > instead of something like > > assert(N <= MAX_SIZE); > char buf[N] No. First off, we don't use asserts in the kernel. Not acceptable. You handle errors, you don't crash. Secondly, the compiler is usually very stupid, and will generate horrible code for VLA's. Third, there's no guarantee that the compiler will actually even realize that the size is limited, and guarantee that it won't screw up the stack. So no. VLA's are not acceptable in the kernel. Don't do them. We're getting rid of them. Linus