[PATCH v4 ipsec-next] xfrm: remove VLA usage in __xfrm6_sort()

From: Kees Cook
Date: Wed Apr 25 2018 - 10:46:51 EST

Next message: Sibi Sankar: "[PATCH] arm64: dts: qcom: Add SDM845 SMEM nodes"
Previous message: Michal Hocko: "Re: vmalloc with GFP_NOFS"
Next in thread: Stefano Brivio: "Re: [PATCH v4 ipsec-next] xfrm: remove VLA usage in __xfrm6_sort()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the quest to remove all stack VLA usage removed from the kernel[1],
just use XFRM_MAX_DEPTH as already done for the "class" array. In one
case, it'll do this loop up to 5, the other caller up to 6.

[1] https://lkml.org/lkml/2018/3/7/621

Co-developed-by: Andreas Christoforou <andreaschristofo@xxxxxxxxx>
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
v4:
- actually remove memset(). :)
v3:
- adjust Subject and commit log (Steffen)
- use "= { }" instead of memset() (Stefano)
v2:
- use XFRM_MAX_DEPTH for "count" array (Steffen and Mathias).
---
net/ipv6/xfrm6_state.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index 16f434791763..5bdca3d5d6b7 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -60,11 +60,9 @@ xfrm6_init_temprop(struct xfrm_state *x, const struct xfrm_tmpl *tmpl,
static int
__xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass)
{
- int i;
+ int count[XFRM_MAX_DEPTH] = { };
int class[XFRM_MAX_DEPTH];
- int count[maxclass];
-
- memset(count, 0, sizeof(count));
+ int i;

for (i = 0; i < n; i++) {
int c;
--
2.7.4

--
Kees Cook
Pixel Security

Next message: Sibi Sankar: "[PATCH] arm64: dts: qcom: Add SDM845 SMEM nodes"
Previous message: Michal Hocko: "Re: vmalloc with GFP_NOFS"
Next in thread: Stefano Brivio: "Re: [PATCH v4 ipsec-next] xfrm: remove VLA usage in __xfrm6_sort()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]