From: Mimi Zohar <zohar@linux.ibm.com>
To: Arnd Bergmann <arnd@arndb.de>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ima: dynamically allocate shash_desc
Date: Mon, 17 Jun 2019 11:55:51 -0400 [thread overview]
Message-ID: <1560786951.4072.103.camel@linux.ibm.com> (raw)
In-Reply-To: <20190617115838.2397872-1-arnd@arndb.de>
On Mon, 2019-06-17 at 13:20 +0200, Arnd Bergmann wrote:
> On 32-bit ARM, we get a warning about excessive stack usage when
> building with clang.
>
> security/integrity/ima/ima_crypto.c:504:5: error: stack frame size
> of 1152 bytes in function 'ima_calc_field_array_hash' [-Werror,-
> Wframe-larger-than=]
I'm definitely not seeing this. Is this problem a result of non
upstreamed patches? For sha1, currently the only possible hash
algorithm, I'm seeing 664.
Mimi
>
> Using kmalloc to get the descriptor reduces this to 320 bytes.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> ---
> security/integrity/ima/ima_crypto.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index d4c7b8e1b083..8a66bab4c435 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -461,16 +461,21 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> struct ima_digest_data *hash,
> struct crypto_shash *tfm)
> {
> - SHASH_DESC_ON_STACK(shash, tfm);
> + struct shash_desc *shash;
> int rc, i;
>
> + shash = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
> + GFP_KERNEL);
> + if (!shash)
> + return -ENOMEM;
> +
> shash->tfm = tfm;
>
> hash->length = crypto_shash_digestsize(tfm);
>
> rc = crypto_shash_init(shash);
> if (rc != 0)
> - return rc;
> + goto out;
>
> for (i = 0; i < num_fields; i++) {
> u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
> @@ -497,7 +502,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
>
> if (!rc)
> rc = crypto_shash_final(shash, hash->digest);
> -
> +out:
> + kfree(shash);
> return rc;
> }
>
next prev parent reply other threads:[~2019-06-17 15:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-17 11:20 [PATCH] ima: dynamically allocate shash_desc Arnd Bergmann
2019-06-17 15:55 ` Mimi Zohar [this message]
2019-06-17 18:07 ` Mimi Zohar
2019-06-17 20:08 ` Arnd Bergmann
2019-06-18 12:44 ` Mimi Zohar
2019-06-18 18:06 ` Arnd Bergmann
2019-06-18 18:53 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1560786951.4072.103.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=arnd@arndb.de \
--cc=dmitry.kasatkin@gmail.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stefanb@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.