| From 0d2669a69810c9cf62d5bde4f57d4f8ebb31615c Mon Sep 17 00:00:00 2001 |
| From: Arnd Bergmann <arnd@arndb.de> |
| Date: Mon, 22 Jul 2019 14:26:34 +0200 |
| Subject: drbd: dynamically allocate shash descriptor |
| |
| [ Upstream commit 77ce56e2bfaa64127ae5e23ef136c0168b818777 ] |
| |
| Building with clang and KASAN, we get a warning about an overly large |
| stack frame on 32-bit architectures: |
| |
| drivers/block/drbd/drbd_receiver.c:921:31: error: stack frame size of 1280 bytes in function 'conn_connect' |
| [-Werror,-Wframe-larger-than=] |
| |
| We already allocate other data dynamically in this function, so |
| just do the same for the shash descriptor, which makes up most of |
| this memory. |
| |
| Link: https://lore.kernel.org/lkml/20190617132440.2721536-1-arnd@arndb.de/ |
| Reviewed-by: Kees Cook <keescook@chromium.org> |
| Reviewed-by: Roland Kammerer <roland.kammerer@linbit.com> |
| Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/block/drbd/drbd_receiver.c | 14 ++++++++++++-- |
| 1 file changed, 12 insertions(+), 2 deletions(-) |
| |
| diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c |
| index 1aad373da50e2..8fbdfaacc2226 100644 |
| --- a/drivers/block/drbd/drbd_receiver.c |
| +++ b/drivers/block/drbd/drbd_receiver.c |
| @@ -5237,7 +5237,7 @@ static int drbd_do_auth(struct drbd_connection *connection) |
| unsigned int key_len; |
| char secret[SHARED_SECRET_MAX]; /* 64 byte */ |
| unsigned int resp_size; |
| - SHASH_DESC_ON_STACK(desc, connection->cram_hmac_tfm); |
| + struct shash_desc *desc; |
| struct packet_info pi; |
| struct net_conf *nc; |
| int err, rv; |
| @@ -5250,6 +5250,13 @@ static int drbd_do_auth(struct drbd_connection *connection) |
| memcpy(secret, nc->shared_secret, key_len); |
| rcu_read_unlock(); |
| |
| + desc = kmalloc(sizeof(struct shash_desc) + |
| + crypto_shash_descsize(connection->cram_hmac_tfm), |
| + GFP_KERNEL); |
| + if (!desc) { |
| + rv = -1; |
| + goto fail; |
| + } |
| desc->tfm = connection->cram_hmac_tfm; |
| desc->flags = 0; |
| |
| @@ -5392,7 +5399,10 @@ static int drbd_do_auth(struct drbd_connection *connection) |
| kfree(peers_ch); |
| kfree(response); |
| kfree(right_response); |
| - shash_desc_zero(desc); |
| + if (desc) { |
| + shash_desc_zero(desc); |
| + kfree(desc); |
| + } |
| |
| return rv; |
| } |
| -- |
| 2.20.1 |
| |