[PATCH] ima: dynamically allocate shash_desc

From: Arnd Bergmann
Date: Mon Jun 17 2019 - 08:04:12 EST


On 32-bit ARM, we get a warning about excessive stack usage when
building with clang.

security/integrity/ima/ima_crypto.c:504:5: error: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash' [-Werror,-Wframe-larger-than=]

Using kmalloc to get the descriptor reduces this to 320 bytes.

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
security/integrity/ima/ima_crypto.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d4c7b8e1b083..8a66bab4c435 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -461,16 +461,21 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
struct ima_digest_data *hash,
struct crypto_shash *tfm)
{
- SHASH_DESC_ON_STACK(shash, tfm);
+ struct shash_desc *shash;
int rc, i;

+ shash = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
+ GFP_KERNEL);
+ if (!shash)
+ return -ENOMEM;
+
shash->tfm = tfm;

hash->length = crypto_shash_digestsize(tfm);

rc = crypto_shash_init(shash);
if (rc != 0)
- return rc;
+ goto out;

for (i = 0; i < num_fields; i++) {
u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
@@ -497,7 +502,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,

if (!rc)
rc = crypto_shash_final(shash, hash->digest);
-
+out:
+ kfree(shash);
return rc;
}

--
2.20.0