Re: [PATCH] drbd: dynamically allocate shash descriptor

From: Herbert Xu
Date: Mon Jun 17 2019 - 10:48:50 EST


On Mon, Jun 17, 2019 at 03:24:13PM +0200, Arnd Bergmann wrote:
> Building with clang and KASAN, we get a warning about an overly large
> stack frame on 32-bit architectures:
>
> drivers/block/drbd/drbd_receiver.c:921:31: error: stack frame size of 1280 bytes in function 'conn_connect'
> [-Werror,-Wframe-larger-than=]
>
> We already allocate other data dynamically in this function, so
> just do the same for the shash descriptor, which makes up most of
> this memory.
>
> Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> ---
> drivers/block/drbd/drbd_receiver.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)

Does this patch fix the warning as well?

diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index 90ebfcae0ce6..ead13a6b3887 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -5401,6 +5401,35 @@ static int drbd_do_auth(struct drbd_connection *connection)
#else
#define CHALLENGE_LEN 64

+static char *drbd_get_response(struct drbd_connection *connection,
+ const char *challenge, unsigned int len)
+{
+ unsigned dlen = crypto_shash_digestsize(connection->cram_hmac_tfm);
+ SHASH_DESC_ON_STACK(desc, connection->cram_hmac_tfm);
+ char *response;
+ int err;
+
+ desc->tfm = connection->cram_hmac_tfm;
+
+ response = kmalloc(dlen, GFP_NOIO);
+ if (!response) {
+ drbd_err(connection, "kmalloc of response failed\n");
+ goto out;
+ }
+
+ err = crypto_shash_digest(desc, challenge, len, response);
+ if (err) {
+ drbd_err(connection, "crypto_shash_digest() failed with %d\n",
+ err);
+ kfree(response);
+ response = NULL;
+ }
+
+out:
+ shash_desc_zero(desc);
+ return response;
+}
+
/* Return value:
1 - auth succeeded,
0 - failed, try again (network error),
@@ -5417,7 +5446,6 @@ static int drbd_do_auth(struct drbd_connection *connection)
unsigned int key_len;
char secret[SHARED_SECRET_MAX]; /* 64 byte */
unsigned int resp_size;
- SHASH_DESC_ON_STACK(desc, connection->cram_hmac_tfm);
struct packet_info pi;
struct net_conf *nc;
int err, rv;
@@ -5430,8 +5458,6 @@ static int drbd_do_auth(struct drbd_connection *connection)
memcpy(secret, nc->shared_secret, key_len);
rcu_read_unlock();

- desc->tfm = connection->cram_hmac_tfm;
-
rv = crypto_shash_setkey(connection->cram_hmac_tfm, (u8 *)secret, key_len);
if (rv) {
drbd_err(connection, "crypto_shash_setkey() failed with %d\n", rv);
@@ -5496,16 +5522,8 @@ static int drbd_do_auth(struct drbd_connection *connection)
}

resp_size = crypto_shash_digestsize(connection->cram_hmac_tfm);
- response = kmalloc(resp_size, GFP_NOIO);
+ response = drbd_get_response(connection, peers_ch, pi.size);
if (response == NULL) {
- drbd_err(connection, "kmalloc of response failed\n");
- rv = -1;
- goto fail;
- }
-
- rv = crypto_shash_digest(desc, peers_ch, pi.size, response);
- if (rv) {
- drbd_err(connection, "crypto_hash_digest() failed with %d\n", rv);
rv = -1;
goto fail;
}
@@ -5544,17 +5562,9 @@ static int drbd_do_auth(struct drbd_connection *connection)
goto fail;
}

- right_response = kmalloc(resp_size, GFP_NOIO);
+ right_response = drbd_get_response(connection, my_challenge,
+ CHALLENGE_LEN);
if (right_response == NULL) {
- drbd_err(connection, "kmalloc of right_response failed\n");
- rv = -1;
- goto fail;
- }
-
- rv = crypto_shash_digest(desc, my_challenge, CHALLENGE_LEN,
- right_response);
- if (rv) {
- drbd_err(connection, "crypto_hash_digest() failed with %d\n", rv);
rv = -1;
goto fail;
}
@@ -5571,7 +5581,6 @@ static int drbd_do_auth(struct drbd_connection *connection)
kfree(peers_ch);
kfree(response);
kfree(right_response);
- shash_desc_zero(desc);

return rv;
}
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt