Linus Torvalds writes: (Summary) It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done.
key size would have done.
Ok, so lib/btree.c looks more core (by being in lib/) than it actually is - I don't see the 128-bit btree being used *anywhere*, and the others are only used by two drivers: the qla2xxx scsi driver and the bcm2835-camera driver in staging.
bcm2835-camera driver in staging.
Anyway, some of these are definitely easy to just fix, and using VLA's is actively bad not just for security worries, but simply because VLA's are a really horribly bad idea in general in the kernel.
key size would have done.
Ok, so lib/btree.c looks more core (by being in lib/) than it actually is - I don't see the 128-bit btree being used *anywhere*, and the others are only used by two drivers: the qla2xxx scsi driver and the bcm2835-camera driver in staging.
bcm2835-camera driver in staging.
Anyway, some of these are definitely easy to just fix, and using VLA's is actively bad not just for security worries, but simply because VLA's are a really horribly bad idea in general in the kernel.