On Monday, 03.09.2018, 14:28 -0700, Linus Torvalds wrote:
> On Mon, Sep 3, 2018 at 12:40 AM Uecker, Martin
> <martin.uec...@med.uni-goettingen.de> wrote:
> >
> > But if the true bound is smaller, then IMHO it is really bad advice
> > to tell programmers to use
> >
> > char buf[MAX_SIZE]
> >
> > instead of something like
> >
> > assert(N <= MAX_SIZE);
> > char buf[N]
>
> No.
>
> First off, we don't use asserts in the kernel. Not acceptable. You
> handle errors, you don't crash.
Of course. But this is unrelated to my point.

> Secondly, the compiler is usually very stupid, and will generate
> horrible code for VLA's.
>
> Third, there's no guarantee that the compiler will actually even
> realize that the size is limited, and guarantee that it won't screw up
> the stack.

If this is about the quality of the generated code, ok. I just don't buy the idea that removing precise type-based information about the size of objects from the source code is a good long-term strategy for improving security.

> So no. VLA's are not acceptable in the kernel. Don't do them. We're
> getting rid of them.

All right then.

Martin
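The two buffer forms debated above, side by side, as an added example that is not part of the original thread or of the kernel: the fixed-size variant keeps the frame size known at compile time and reports an oversized length to the caller as an error instead of asserting, while the VLA variant sizes the buffer at run time. The bound MAX_SIZE, the byte-inverting "work", and the demo_* sample inputs are all constructed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_SIZE 64  /* upper bound chosen for this constructed example */

/* Fixed-size buffer plus an explicit bound check: the stack frame is known at
 * compile time, and oversized input is reported to the caller, not crashed on. */
static int process_bounded(const unsigned char *src, size_t n, unsigned char *out)
{
	unsigned char buf[MAX_SIZE];
	if (src == NULL || out == NULL || n == 0 || n > MAX_SIZE)
		return -EINVAL;          /* handle the error, do not assert */
	memcpy(buf, src, n);
	for (size_t i = 0; i < n; i++)   /* constructed "work": invert each byte */
		out[i] = (unsigned char)~buf[i];
	return (int)n;
}

/* The VLA form under discussion: same check, but stack usage depends on n. */
static int process_vla(const unsigned char *src, size_t n, unsigned char *out)
{
	if (src == NULL || out == NULL || n == 0 || n > MAX_SIZE)
		return -EINVAL;
	unsigned char buf[n];            /* size only known at run time */
	memcpy(buf, src, n);
	for (size_t i = 0; i < n; i++)
		out[i] = (unsigned char)~buf[i];
	return (int)n;
}

/* Constructed sample: both variants accept 4 bytes and invert them. */
static int demo_small_input(void)
{
	const unsigned char in[4] = {0x00, 0xff, 0x0f, 0xf0};
	unsigned char a[4], b[4];
	if (process_bounded(in, 4, a) != 4 || process_vla(in, 4, b) != 4)
		return 0;
	return memcmp(a, b, 4) == 0 && a[0] == 0xff && a[3] == 0x0f;
}

/* Constructed sample: MAX_SIZE + 1 bytes are rejected with -EINVAL by both. */
static int demo_oversized_input(void)
{
	unsigned char big[MAX_SIZE + 1] = {0}, out[MAX_SIZE + 1];
	return process_bounded(big, sizeof big, out) == -EINVAL &&
	       process_vla(big, sizeof big, out) == -EINVAL;
}
```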