On Mon, 2019-06-17 at 13:20 +0200, Arnd Bergmann wrote: > On 32-bit ARM, we get a warning about excessive stack usage when > building with clang. > > security/integrity/ima/ima_crypto.c:504:5: error: stack frame size > of 1152 bytes in function 'ima_calc_field_array_hash' [-Werror,- > Wframe-larger-than=]
I'm definitely not seeing this. Is this problem a result of non upstreamed patches? For sha1, currently the only possible hash algorithm, I'm seeing 664. Mimi > > Using kmalloc to get the descriptor reduces this to 320 bytes. > > Signed-off-by: Arnd Bergmann <[email protected]> > --- > security/integrity/ima/ima_crypto.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_crypto.c > b/security/integrity/ima/ima_crypto.c > index d4c7b8e1b083..8a66bab4c435 100644 > --- a/security/integrity/ima/ima_crypto.c > +++ b/security/integrity/ima/ima_crypto.c > @@ -461,16 +461,21 @@ static int ima_calc_field_array_hash_tfm(struct > ima_field_data *field_data, > struct ima_digest_data *hash, > struct crypto_shash *tfm) > { > - SHASH_DESC_ON_STACK(shash, tfm); > + struct shash_desc *shash; > int rc, i; > > + shash = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), > + GFP_KERNEL); > + if (!shash) > + return -ENOMEM; > + > shash->tfm = tfm; > > hash->length = crypto_shash_digestsize(tfm); > > rc = crypto_shash_init(shash); > if (rc != 0) > - return rc; > + goto out; > > for (i = 0; i < num_fields; i++) { > u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 }; > @@ -497,7 +502,8 @@ static int ima_calc_field_array_hash_tfm(struct > ima_field_data *field_data, > > if (!rc) > rc = crypto_shash_final(shash, hash->digest); > - > +out: > + kfree(shash); > return rc; > } >
