lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <yw1x7f3ybjn4.fsf@unicorn.mansr.com>
Date:   Thu, 09 Mar 2017 14:38:07 +0000
From:   Måns Rullgård <mans@...sr.com>
To:     Tomas Winkler <tomasw@...il.com>
Cc:     Henrique de Moraes Holschuh <hmh@....eng.br>,
        "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>,
        linux-sparse@...r.kernel.org,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: Re: Arrays of variable length

Tomas Winkler <tomasw@...il.com> writes:

> On Thu, Mar 9, 2017 at 4:26 PM, Måns Rullgård <mans@...sr.com> wrote:
>> Tomas Winkler <tomasw@...il.com> writes:
>>
>>> On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <mans@...sr.com> wrote:
>>>> Tomas Winkler <tomasw@...il.com> writes:
>>>>
>>>>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@...sr.com> wrote:
>>>>>> Tomas Winkler <tomasw@...il.com> writes:
>>>>>>
>>>>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@...sr.com> wrote:
>>>>>>>> Henrique de Moraes Holschuh <hmh@....eng.br> writes:
>>>>>>>>
>>>>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>>>>> Tomas Winkler <tomasw@...il.com> writes:
>>>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>>>> >
>>>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>>>> >
>>>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>>>> >
>>>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>>>> > usage of arrays of variable length
>>>>>>>>>> > within Linux Kernel.
>>>>>>>>>>
>>>>>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>>>
>>>>>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>>>> it often prevents inlining.
>>>>>>>>>
>>>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>>>> and flush out any offenders.
>>>>>>>>
>>>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>>>
>>>>>>>>
>>>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>>>> include/crypto/hash.h
>>>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>>>> disable  VLA completely.
>>>>>>
>>>>>> And what happens if the requested size is insane?
>>>>>
>>>>> One option is to add '-Wvla-larger-than=n'
>>>>
>>>> If you know the upper bound, why use VLAs in the first place?
>>>
>>> This is a water mark and not  actual usage, but maybe I didn't
>>> understand your comment.
>>
>> If there is an upper bound known at compile time, why not simply use
>> that size statically?  If there is no upper bound, well, then you have a
>> problem.
>
> If the compiler can do the job, why not to use this flexibility ?

Because, as I already said, there are security implications if the size
is unbounded, and even with safely bounded size, using VLAs interferes
with compiler optimisations.  Ensuring VLAs are used safely is usually
more work than simply avoiding them in the first place.

-- 
Måns Rullgård

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ