LKML Archive on lore.kernel.org
From: Linus Torvalds <torvalds@linux-foundation.org>
To: "Uecker, Martin" <Martin.Uecker@med.uni-goettingen.de>
Cc: Kees Cook <keescook@chromium.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: VLAs and security
Date: Mon, 3 Sep 2018 14:28:59 -0700
Message-ID: <CA+55aFy=T6TmG_VcLvSTb02RyKTacxVCxwUALRn8_7cdoic0pA@mail.gmail.com>
In-Reply-To: <1535960372.32005.1.camel@med.uni-goettingen.de>

On Mon, Sep 3, 2018 at 12:40 AM Uecker, Martin
<Martin.Uecker@med.uni-goettingen.de> wrote:
>
> But if the true bound is smaller, then IMHO it is really bad advice
> to tell programmers to use
>
> char buf[MAX_SIZE]
>
> instead of something like
>
> assert(N <= MAX_SIZE);
> char buf[N]

No.

First off, we don't use asserts in the kernel. Not acceptable. You
handle errors, you don't crash.

Secondly, the compiler is usually very stupid, and will generate
horrible code for VLA's.

Third, there's no guarantee that the compiler will actually even
realize that the size is limited, and guarantee that it won't screw up
the stack.

So no. VLA's are not acceptable in the kernel. Don't do them. We're
getting rid of them.

               Linus
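
The two patterns contrasted in this message, side by side, as an added example that is not part of the original email or of any kernel source. It is userspace C so that it runs as-is (the kernel has no assert()); MAX_SIZE's value and the names fold, digest_vla and digest_fixed are hypothetical.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_SIZE 64	/* assumed upper bound, as in the quoted buf[MAX_SIZE] */

/* Toy checksum over the scratch copy; stands in for real work on the buffer. */
static uint32_t fold(const uint8_t *p, size_t n)
{
	uint32_t h = 0;

	for (size_t i = 0; i < n; i++)
		h = h * 31u + p[i];
	return h;
}

/* Pattern from the quoted mail: assert the bound, then size the array at run time. */
uint32_t digest_vla(const uint8_t *src, size_t n)
{
	/* Aborts on violation and is compiled out under NDEBUG.
	 * n > 0 is added here because a zero-length VLA is undefined behaviour. */
	assert(n > 0 && n <= MAX_SIZE);
	uint8_t buf[n];		/* VLA: stack use depends on a run-time value */

	memcpy(buf, src, n);
	return fold(buf, n);
}

/* Pattern the reply asks for: constant-size array, bound checked, error returned. */
int digest_fixed(const uint8_t *src, size_t n, uint32_t *out)
{
	uint8_t buf[MAX_SIZE];	/* stack use is known at compile time */

	if (!src || !out || n > MAX_SIZE)
		return -EINVAL;	/* the caller handles the error; nothing crashes */
	memcpy(buf, src, n);
	*out = fold(buf, n);
	return 0;
}
```

Building this with gcc -Wvla produces a warning for digest_vla only.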

Thread overview: 8+ messages
2018-09-02  8:08 Uecker, Martin
2018-09-02 17:40 ` Kees Cook
2018-09-03  7:39   ` Uecker, Martin
2018-09-03 21:28     ` Linus Torvalds [this message]
2018-09-04  6:27       ` Uecker, Martin
2018-09-04  8:00         ` Dmitry Vyukov
2018-09-04 18:22           ` Uecker, Martin
2018-09-05  7:35             ` Dmitry Vyukov
