On Wed, Jun 20, 2018 at 12:04:03PM -0700, Kees Cook wrote: > In the quest to remove all stack VLA usage from the kernel[1], this > uses the upper bounds on blocksize. > > [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@xxxxxxxxxxxxxx > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > include/crypto/cbc.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h > index f5b8bfc22e6d..260096bcf99b 100644 > --- a/include/crypto/cbc.h > +++ b/include/crypto/cbc.h > @@ -113,7 +113,7 @@ static inline int crypto_cbc_decrypt_inplace( > unsigned int bsize = crypto_skcipher_blocksize(tfm); > unsigned int nbytes = walk->nbytes; > u8 *src = walk->src.virt.addr; > - u8 last_iv[bsize]; > + u8 last_iv[CRYPTO_ALG_MAX_BLOCKSIZE]; > Why not MAX_CIPHER_BLOCKSIZE? - Eric