Received: by 10.223.185.111 with SMTP id b44csp271393wrg;
        Fri, 9 Mar 2018 04:50:18 -0800 (PST)
X-Google-Smtp-Source: AG47ELu6iCq3R48bd2HLu9816LFlyWCXiTJM+rr1AtaL2reT77gTVtc5pbCunBsiAOWMJLdrTOIa
X-Received: by 10.99.116.67 with SMTP id e3mr23892979pgn.265.1520599818154;
        Fri, 09 Mar 2018 04:50:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520599818; cv=none;
        d=google.com; s=arc-20160816;
        b=nsTxhoVvOP2zm0XQ0iekYX1UGyT8+LikNl71XnVKydcXkwGeivE2a5MN3Q5DoL0gah
         xia2IzJuxcD8tKO9cS6kOiSd2m+7nJ7hj+vbfJXxSWF1+syWv5XnZbcMCUadi/oyy7Cq
         dJc7ZgBXv7jIri8BLCeyV89zZAu1FTL+tcCmSSvO803w9gmLIaWZVpnY5he9qgCMeVgV
         kXxQe6UDA9VTre3gDTHJqq//t2dAyHHZgAEIbJUILl7XP2CLSMmNlCpWNWR96/VvI4Qm
         JfWNG2VeIOnAvZYGJBKTkzQpGoPId30Tgob7ueHvnHJXyIApAe1vQ6oldj4Fyh7YJecK
         6REw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=a4H8hFkBSDXIMleZ6F2dXPP6m8tdIvi4CXDJtURAOVM=;
        b=iSNM/5LuYSJumw8XUcpaY+71HGl4Oy/2YKGBCc/Zlkrs/+BGz5TTD8sUg5OJhtN8v1
         GrlbkRbEyQyMETE9SoDLBtADy4pdBgOkVc2s6pXVFqzHNaXwQ/8A2tvD/IkC2mjhT46N
         yuuDgOXvuNSIRsSfyn7Mt92EnoKCP8Oenfysz5hYfwZBwf9rnUHbtd8SFs7YkLPaLsRk
         dGcYljXU1D3cEGB+H61o2OTztE/mi+o84ybZKAznDtJoJvbm7vQ661zLEOEUCH8rjcHJ
         T4bvJCD24HDML2M9gqu1fU0k2Wi3YQI38UeOwP2ZKKYvHLJ++5qKaBaY8VE364KHWF8t
         OXDQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@googlemail.com header.s=20161025 header.b=mLFeQuFJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f15si700829pga.22.2018.03.09.04.50.02;
        Fri, 09 Mar 2018 04:50:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@googlemail.com header.s=20161025 header.b=mLFeQuFJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751191AbeCIMtK (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Fri, 9 Mar 2018 07:49:10 -0500
Received: from mail-yb0-f195.google.com ([209.85.213.195]:37096 "EHLO
        mail-yb0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751059AbeCIMtI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 07:49:08 -0500
Received: by mail-yb0-f195.google.com with SMTP id u5-v6so3085072ybf.4;
        Fri, 09 Mar 2018 04:49:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=a4H8hFkBSDXIMleZ6F2dXPP6m8tdIvi4CXDJtURAOVM=;
        b=mLFeQuFJBhw2bV8Zp1WRf1D+4BHY9Nqx80WoLrITiCpQrFmCm5EiRWLZpg2MUnxRrH
         zt41celDHA2ZOT8Q0Fm+WZjgBz8lOHvrzTU7tBDWoQ7fVE+snj12LjVCqnjdKL3ImGBk
         Bkn4FKvNLz3Z6BxCeewymMwS+8DsS6LGEXlRYj/nCjxLiNAqeIixs9kQoWj8Ryzx8DYB
         1lXsJv+WAeIT+JyPCKPKEc9Hxie9heK/VdRtXouA7mMdfE1ITnbISwTTS8xV00g39Tv4
         USh1i2I+QR746SHkwyg2czEl1zLptST0/1a7o1S+tk2u4FFtNBlrTGlNhwYRTH/D53y7
         UEOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=a4H8hFkBSDXIMleZ6F2dXPP6m8tdIvi4CXDJtURAOVM=;
        b=HTWL1DSYEsZ9psCR45KenQSyuLWOoyMB+2d5s6gpyWGvoKiIjQYmv2xwaGujzBCJhB
         IcQKqAe9jAUDK+BnPCQrl/O6R1rN9ngRgy2HVrg55GTtmi24iWXQDesDT0IlcYIe7Um1
         GWyXraMefZtOU8vUXM/CI4igHR24/RF45J2+ejsZM5MXZf2xhDEkizaK3jbUhBv7ZqOR
         rf67EBBZnLQW/zm8zbVPqwvKIB7rOjV/OkvYewUfBQY/vnN8/fpX7mB34P2qRmNJSAaM
         JQ9S6EdVwBEmy61Px29bgqY7+l0Xscjp1kzDWYEN12Jny63dXvtqs+Ih6w3I4+FxtM6d
         iSmQ==
X-Gm-Message-State: APf1xPCh/63m9G903sHp9qdab7x7KvM+RhwLcG1INzs1CjX6UQBoppuw
        5aQtRJGtxcZTP9QWRhHCUM0KSqfU9AXOpCzpkR0=
X-Received: by 2002:a25:844d:: with SMTP id r13-v6mr18784064ybm.239.1520599747595;
 Fri, 09 Mar 2018 04:49:07 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a25:4084:0:0:0:0:0 with HTTP; Fri, 9 Mar 2018 04:49:07 -0800 (PST)
In-Reply-To: <1520598106-3271-1-git-send-email-andreaschristofo@gmail.com>
References: <1520598106-3271-1-git-send-email-andreaschristofo@gmail.com>
From:   Mathias Krause <minipli@googlemail.com>
Date:   Fri, 9 Mar 2018 13:49:07 +0100
Message-ID: <CA+rthh9g3gcgTt8jbcRrVUK=Lagnz8HWJJLERwSbMi++3VqS1A@mail.gmail.com>
Subject: Re: [PATCH] net: ipv6: xfrm6_state: remove VLA usage
To:     Andreas Christoforou <andreaschristofo@gmail.com>
Cc:     Kees Cook <keescook@chromium.org>,
        kernel-hardening@lists.openwall.com,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9 March 2018 at 13:21, Andreas Christoforou
<andreaschristofo@gmail.com> wrote:
> The kernel would like to have all stack VLA usage removed[1].
>
> Signed-off-by: Andreas Christoforou <andreaschristofo@gmail.com>
> ---
>  net/ipv6/xfrm6_state.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
> index b15075a..45c0d98 100644
> --- a/net/ipv6/xfrm6_state.c
> +++ b/net/ipv6/xfrm6_state.c
> @@ -62,7 +62,12 @@ __xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass)
>  {
>         int i;
>         int class[XFRM_MAX_DEPTH];
> -       int count[maxclass];
> +       int *count;
> +
> +       count = kcalloc(maxclass + 1, sizeof(*count), GFP_KERNEL);
> +
> +       if (!count)
> +               return -ENOMEM;
>
>         memset(count, 0, sizeof(count));
>
> @@ -80,6 +85,7 @@ __xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass)
>                 src[i] = NULL;
>         }
>
> +       kfree(count);
>         return 0;
>  }

Instead of dynamically allocating and freeing memory here, shouldn't
we just get rid of the maxclass parameter and use XFRM_MAX_DEPTH as
size for the count[] array, too?

Cheers,
Mathias