On Thu, Jul 12, 2018 at 8:11 AM, Arnd Bergmann <a...@arndb.de> wrote: > On Wed, Jul 11, 2018 at 10:36 PM, Kees Cook <keesc...@chromium.org> wrote: >> Two uses of SKCIPHER_REQUEST_ON_STACK() will trigger FRAME_WARN warnings >> (when less than 2048) once the VLA is no longer hidden from the check: >> >> net/rxrpc/rxkad.c:398:1: warning: the frame size of 1152 bytes is larger >> than 1024 bytes [-Wframe-larger-than=] >> net/rxrpc/rxkad.c:242:1: warning: the frame size of 1152 bytes is larger >> than 1024 bytes [-Wframe-larger-than=] >> >> This bumps the affected objects by 20% to silence the warnings while >> still providing coverage is anything grows even more. >> >> Signed-off-by: Kees Cook <keesc...@chromium.org> > > (adding David Howells to cc) > > I don't think these are in a fast path, it should be possible to just use > skcipher_alloc_req() instead of SKCIPHER_REQUEST_ON_STACK() here. > From what I can tell, neither of the two are called in atomic context, so > you should be able to use a GFP_KERNEL allocation.
Sure, I can do that instead. -Kees -- Kees Cook Pixel Security -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel