On Mon, 2019-06-17 at 22:08 +0200, Arnd Bergmann wrote: > On Mon, Jun 17, 2019 at 8:08 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > > > > On Mon, 2019-06-17 at 11:55 -0400, Mimi Zohar wrote: > > > On Mon, 2019-06-17 at 13:20 +0200, Arnd Bergmann wrote: > > > > On 32-bit ARM, we get a warning about excessive stack usage when > > > > building with clang. > > > > > > > > security/integrity/ima/ima_crypto.c:504:5: error: stack frame size > > > > of 1152 bytes in function 'ima_calc_field_array_hash' [-Werror,- > > > > Wframe-larger-than=] > > > > > > I'm definitely not seeing this. Is this problem a result of non > > > upstreamed patches? For sha1, currently the only possible hash > > > algorithm, I'm seeing 664. > > You won't see it with gcc, only with clang in some randconfig builds, > I suppose only when KASAN is enabled. > > > Every time a measurement is added to the measurement list, the memory > > would be allocated/freed. The frequency of new measurements is policy > > dependent. For performance reasons, I'd prefer if the allocation > > remains on the stack. > > Is there a way to preallocate the shash_desc instead? That would > avoid the overhead. There are 3 other SHASH_DESC_ON_STACK definitions in just ima_crypto.c, with a total of ~55 other places in the kernel. Before fixing this particular function, I'd like to know if the "excessive stack usage" warning is limited to ima_calc_field_array_hash_tfm(). If so, what is so special about its usage of SHASH_DESC_ON_STACK? thanks, Mimi
