[PATCH] ima: dynamically allocate shash_desc

[Arnd Bergmann]

On 32-bit ARM, we get a warning about excessive stack usage when
building with clang.

security/integrity/ima/ima_crypto.c:504:5: error: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash' [-Werror,-Wframe-larger-than=]

Using kmalloc to get the descriptor reduces this to 320 bytes.

Signed-off-by: Arnd Bergmann <arnd at arndb.de>
---
 security/integrity/ima/ima_crypto.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d4c7b8e1b083..8a66bab4c435 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -461,16 +461,21 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 					 struct ima_digest_data *hash,
 					 struct crypto_shash *tfm)
 {
-	SHASH_DESC_ON_STACK(shash, tfm);
+	struct shash_desc *shash;
 	int rc, i;
 
+	shash = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
+			GFP_KERNEL);
+	if (!shash)
+		return -ENOMEM;
+
 	shash->tfm = tfm;
 
 	hash->length = crypto_shash_digestsize(tfm);
 
 	rc = crypto_shash_init(shash);
 	if (rc != 0)
-		return rc;
+		goto out;
 
 	for (i = 0; i < num_fields; i++) {
 		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
@@ -497,7 +502,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 
 	if (!rc)
 		rc = crypto_shash_final(shash, hash->digest);
-
+out:
+	kfree(shash);
 	return rc;
 }
 
-- 
2.20.0