linux-kernel.vger.kernel.org archive mirror
* security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm'
@ 2020-06-17 13:35 kernel test robot
  2020-06-19  2:43 ` [kbuild-all] " Rong Chen
  0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2020-06-17 13:35 UTC (permalink / raw)
  To: Roberto Sassu; +Cc: kbuild-all, clang-built-linux, linux-kernel, Mimi Zohar

[-- Attachment #1: Type: text/plain, Size: 5387 bytes --]

Hi Roberto,

FYI, the error/warning still remains.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   69119673bd50b176ded34032fadd41530fb5af21
commit: 1ea973df6e2166d1a576cabe5d08925d3261ff9d ima: Calculate and extend PCR with digests in ima_template_entry
date:   8 weeks ago
config: mips-randconfig-r014-20200617 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project 487ca07fcc75d52755c9fe2ee05bcb3b6eeeec44)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install mips cross compiling tool for clang build
        # apt-get install binutils-mips-linux-gnu
        git checkout 1ea973df6e2166d1a576cabe5d08925d3261ff9d
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>, old ones prefixed by <<):

>> security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm' [-Wframe-larger-than=]
static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
^
1 warning generated.

vim +/ima_calc_field_array_hash_tfm +575 security/integrity/ima/ima_crypto.c

3bcced39ea7d1b Dmitry Kasatkin 2014-02-26  571  
3323eec921efd8 Mimi Zohar      2009-02-04  572  /*
a71dc65d30a472 Roberto Sassu   2013-06-07  573   * Calculate the hash of template data
3323eec921efd8 Mimi Zohar      2009-02-04  574   */
a71dc65d30a472 Roberto Sassu   2013-06-07 @575  static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
7ca79645a1f883 Roberto Sassu   2020-03-25  576  					 struct ima_template_entry *entry,
6d94809af6b083 Roberto Sassu   2020-03-25  577  					 int tfm_idx)
3323eec921efd8 Mimi Zohar      2009-02-04  578  {
6d94809af6b083 Roberto Sassu   2020-03-25  579  	SHASH_DESC_ON_STACK(shash, ima_algo_array[tfm_idx].tfm);
7ca79645a1f883 Roberto Sassu   2020-03-25  580  	struct ima_template_desc *td = entry->template_desc;
7ca79645a1f883 Roberto Sassu   2020-03-25  581  	int num_fields = entry->template_desc->num_fields;
a71dc65d30a472 Roberto Sassu   2013-06-07  582  	int rc, i;
3323eec921efd8 Mimi Zohar      2009-02-04  583  
6d94809af6b083 Roberto Sassu   2020-03-25  584  	shash->tfm = ima_algo_array[tfm_idx].tfm;
3323eec921efd8 Mimi Zohar      2009-02-04  585  
357aabed626fe3 Behan Webster   2014-04-04  586  	rc = crypto_shash_init(shash);
a71dc65d30a472 Roberto Sassu   2013-06-07  587  	if (rc != 0)
a71dc65d30a472 Roberto Sassu   2013-06-07  588  		return rc;
a71dc65d30a472 Roberto Sassu   2013-06-07  589  
a71dc65d30a472 Roberto Sassu   2013-06-07  590  	for (i = 0; i < num_fields; i++) {
e3b64c268b485f Roberto Sassu   2014-02-03  591  		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
e3b64c268b485f Roberto Sassu   2014-02-03  592  		u8 *data_to_hash = field_data[i].data;
e3b64c268b485f Roberto Sassu   2014-02-03  593  		u32 datalen = field_data[i].len;
98e1d55d033eed Andreas Steffen 2016-12-19  594  		u32 datalen_to_hash =
98e1d55d033eed Andreas Steffen 2016-12-19  595  		    !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
e3b64c268b485f Roberto Sassu   2014-02-03  596  
b6f8f16f41d928 Roberto Sassu   2013-11-08  597  		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
357aabed626fe3 Behan Webster   2014-04-04  598  			rc = crypto_shash_update(shash,
98e1d55d033eed Andreas Steffen 2016-12-19  599  						(const u8 *) &datalen_to_hash,
98e1d55d033eed Andreas Steffen 2016-12-19  600  						sizeof(datalen_to_hash));
b6f8f16f41d928 Roberto Sassu   2013-11-08  601  			if (rc)
b6f8f16f41d928 Roberto Sassu   2013-11-08  602  				break;
e3b64c268b485f Roberto Sassu   2014-02-03  603  		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {
e3b64c268b485f Roberto Sassu   2014-02-03  604  			memcpy(buffer, data_to_hash, datalen);
e3b64c268b485f Roberto Sassu   2014-02-03  605  			data_to_hash = buffer;
e3b64c268b485f Roberto Sassu   2014-02-03  606  			datalen = IMA_EVENT_NAME_LEN_MAX + 1;
b6f8f16f41d928 Roberto Sassu   2013-11-08  607  		}
357aabed626fe3 Behan Webster   2014-04-04  608  		rc = crypto_shash_update(shash, data_to_hash, datalen);
a71dc65d30a472 Roberto Sassu   2013-06-07  609  		if (rc)
a71dc65d30a472 Roberto Sassu   2013-06-07  610  			break;
a71dc65d30a472 Roberto Sassu   2013-06-07  611  	}
a71dc65d30a472 Roberto Sassu   2013-06-07  612  
a71dc65d30a472 Roberto Sassu   2013-06-07  613  	if (!rc)
6d94809af6b083 Roberto Sassu   2020-03-25  614  		rc = crypto_shash_final(shash, entry->digests[tfm_idx].digest);
a71dc65d30a472 Roberto Sassu   2013-06-07  615  
a71dc65d30a472 Roberto Sassu   2013-06-07  616  	return rc;
3323eec921efd8 Mimi Zohar      2009-02-04  617  }
3323eec921efd8 Mimi Zohar      2009-02-04  618  

:::::: The code at line 575 was first introduced by commit
:::::: a71dc65d30a472409f05d247f4eab91b14acf2f5 ima: switch to new template management mechanism

:::::: TO: Roberto Sassu <roberto.sassu@polito.it>
:::::: CC: Mimi Zohar <zohar@linux.vnet.ibm.com>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31442 bytes --]


* Re: [kbuild-all] security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm'
  2020-06-17 13:35 security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm' kernel test robot
@ 2020-06-19  2:43 ` Rong Chen
  2020-06-19  4:13   ` Herbert Xu
  0 siblings, 1 reply; 3+ messages in thread
From: Rong Chen @ 2020-06-19  2:43 UTC (permalink / raw)
  To: kernel test robot, Roberto Sassu, Herbert Xu
  Cc: kbuild-all, clang-built-linux, linux-kernel, Mimi Zohar

[-- Attachment #1: Type: text/plain, Size: 5965 bytes --]

Hi Herbert,

Could you take a look at this warning? Roberto mentioned you in a previous
report:
https://lore.kernel.org/linux-integrity/9dbec9465bda4f8995a42593eb0db010@huawei.com/

Best Regards,
Rong Chen

On 6/17/20 9:35 PM, kernel test robot wrote:
> Hi Roberto,
>
> FYI, the error/warning still remains.
>
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   69119673bd50b176ded34032fadd41530fb5af21
> commit: 1ea973df6e2166d1a576cabe5d08925d3261ff9d ima: Calculate and extend PCR with digests in ima_template_entry
> date:   8 weeks ago
> config: mips-randconfig-r014-20200617 (attached as .config)
> compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project 487ca07fcc75d52755c9fe2ee05bcb3b6eeeec44)
> reproduce (this is a W=1 build):
>          wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>          chmod +x ~/bin/make.cross
>          # install mips cross compiling tool for clang build
>          # apt-get install binutils-mips-linux-gnu
>          git checkout 1ea973df6e2166d1a576cabe5d08925d3261ff9d
>          # save the attached .config to linux build tree
>          COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips
>
> If you fix the issue, kindly add the following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> All warnings (new ones prefixed by >>, old ones prefixed by <<):
>
>>> security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm' [-Wframe-larger-than=]
> static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> ^
> 1 warning generated.
>
> vim +/ima_calc_field_array_hash_tfm +575 security/integrity/ima/ima_crypto.c
>
> 3bcced39ea7d1b Dmitry Kasatkin 2014-02-26  571
> 3323eec921efd8 Mimi Zohar      2009-02-04  572  /*
> a71dc65d30a472 Roberto Sassu   2013-06-07  573   * Calculate the hash of template data
> 3323eec921efd8 Mimi Zohar      2009-02-04  574   */
> a71dc65d30a472 Roberto Sassu   2013-06-07 @575  static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
> 7ca79645a1f883 Roberto Sassu   2020-03-25  576  					 struct ima_template_entry *entry,
> 6d94809af6b083 Roberto Sassu   2020-03-25  577  					 int tfm_idx)
> 3323eec921efd8 Mimi Zohar      2009-02-04  578  {
> 6d94809af6b083 Roberto Sassu   2020-03-25  579  	SHASH_DESC_ON_STACK(shash, ima_algo_array[tfm_idx].tfm);
> 7ca79645a1f883 Roberto Sassu   2020-03-25  580  	struct ima_template_desc *td = entry->template_desc;
> 7ca79645a1f883 Roberto Sassu   2020-03-25  581  	int num_fields = entry->template_desc->num_fields;
> a71dc65d30a472 Roberto Sassu   2013-06-07  582  	int rc, i;
> 3323eec921efd8 Mimi Zohar      2009-02-04  583
> 6d94809af6b083 Roberto Sassu   2020-03-25  584  	shash->tfm = ima_algo_array[tfm_idx].tfm;
> 3323eec921efd8 Mimi Zohar      2009-02-04  585
> 357aabed626fe3 Behan Webster   2014-04-04  586  	rc = crypto_shash_init(shash);
> a71dc65d30a472 Roberto Sassu   2013-06-07  587  	if (rc != 0)
> a71dc65d30a472 Roberto Sassu   2013-06-07  588  		return rc;
> a71dc65d30a472 Roberto Sassu   2013-06-07  589
> a71dc65d30a472 Roberto Sassu   2013-06-07  590  	for (i = 0; i < num_fields; i++) {
> e3b64c268b485f Roberto Sassu   2014-02-03  591  		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
> e3b64c268b485f Roberto Sassu   2014-02-03  592  		u8 *data_to_hash = field_data[i].data;
> e3b64c268b485f Roberto Sassu   2014-02-03  593  		u32 datalen = field_data[i].len;
> 98e1d55d033eed Andreas Steffen 2016-12-19  594  		u32 datalen_to_hash =
> 98e1d55d033eed Andreas Steffen 2016-12-19  595  		    !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
> e3b64c268b485f Roberto Sassu   2014-02-03  596
> b6f8f16f41d928 Roberto Sassu   2013-11-08  597  		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
> 357aabed626fe3 Behan Webster   2014-04-04  598  			rc = crypto_shash_update(shash,
> 98e1d55d033eed Andreas Steffen 2016-12-19  599  						(const u8 *) &datalen_to_hash,
> 98e1d55d033eed Andreas Steffen 2016-12-19  600  						sizeof(datalen_to_hash));
> b6f8f16f41d928 Roberto Sassu   2013-11-08  601  			if (rc)
> b6f8f16f41d928 Roberto Sassu   2013-11-08  602  				break;
> e3b64c268b485f Roberto Sassu   2014-02-03  603  		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {
> e3b64c268b485f Roberto Sassu   2014-02-03  604  			memcpy(buffer, data_to_hash, datalen);
> e3b64c268b485f Roberto Sassu   2014-02-03  605  			data_to_hash = buffer;
> e3b64c268b485f Roberto Sassu   2014-02-03  606  			datalen = IMA_EVENT_NAME_LEN_MAX + 1;
> b6f8f16f41d928 Roberto Sassu   2013-11-08  607  		}
> 357aabed626fe3 Behan Webster   2014-04-04  608  		rc = crypto_shash_update(shash, data_to_hash, datalen);
> a71dc65d30a472 Roberto Sassu   2013-06-07  609  		if (rc)
> a71dc65d30a472 Roberto Sassu   2013-06-07  610  			break;
> a71dc65d30a472 Roberto Sassu   2013-06-07  611  	}
> a71dc65d30a472 Roberto Sassu   2013-06-07  612
> a71dc65d30a472 Roberto Sassu   2013-06-07  613  	if (!rc)
> 6d94809af6b083 Roberto Sassu   2020-03-25  614  		rc = crypto_shash_final(shash, entry->digests[tfm_idx].digest);
> a71dc65d30a472 Roberto Sassu   2013-06-07  615
> a71dc65d30a472 Roberto Sassu   2013-06-07  616  	return rc;
> 3323eec921efd8 Mimi Zohar      2009-02-04  617  }
> 3323eec921efd8 Mimi Zohar      2009-02-04  618
>
> :::::: The code at line 575 was first introduced by commit
> :::::: a71dc65d30a472409f05d247f4eab91b14acf2f5 ima: switch to new template management mechanism
>
> :::::: TO: Roberto Sassu <roberto.sassu@polito.it>
> :::::: CC: Mimi Zohar <zohar@linux.vnet.ibm.com>
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>


[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31442 bytes --]


* Re: [kbuild-all] security/integrity/ima/ima_crypto.c:575:12: warning: stack frame size of 1152 bytes in function 'ima_calc_field_array_hash_tfm'
  2020-06-19  2:43 ` [kbuild-all] " Rong Chen
@ 2020-06-19  4:13   ` Herbert Xu
  0 siblings, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2020-06-19  4:13 UTC (permalink / raw)
  To: Rong Chen
  Cc: kernel test robot, Roberto Sassu, kbuild-all, clang-built-linux,
	linux-kernel, Mimi Zohar, linux-integrity, Dmitry Kasatkin

On Fri, Jun 19, 2020 at 10:43:22AM +0800, Rong Chen wrote:
> 
> Could you take a look at this warning? Roberto mentioned you in a previous
> report:
> https://lore.kernel.org/linux-integrity/9dbec9465bda4f8995a42593eb0db010@huawei.com/

Well, having a shash descriptor on the stack is always pushing
the envelope.  Doing it when you put another 256-byte string is
obviously not a good idea.  The good thing is that the string
isn't necessary, so how about:

---8<---
The function ima_calc_field_array_hash_tfm uses a stack descriptor
for shash.  As hashing requires a large amount of space this means
that you shouldn't put any other large data on the stack at the same
time, for example, you definitely shouldn't put a 256-byte string
which you're going to hash on the stack.

Luckily this string is mostly composed of zeroes so we could just
use ZERO_PAGE instead.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 220b14920c37..0a925d1a1bf7 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -11,6 +11,7 @@
  */
 
 #include <linux/kernel.h>
+#include <linux/mm.h>
 #include <linux/moduleparam.h>
 #include <linux/ratelimit.h>
 #include <linux/file.h>
@@ -605,11 +606,11 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 		return rc;
 
 	for (i = 0; i < num_fields; i++) {
-		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
 		u8 *data_to_hash = field_data[i].data;
 		u32 datalen = field_data[i].len;
 		u32 datalen_to_hash =
 		    !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
+		u32 padlen = 0;
 
 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
 			rc = crypto_shash_update(shash,
@@ -617,14 +618,21 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 						sizeof(datalen_to_hash));
 			if (rc)
 				break;
-		} else if (strcmp(td->fields[i]->field_id, "n") == 0) {
-			memcpy(buffer, data_to_hash, datalen);
-			data_to_hash = buffer;
-			datalen = IMA_EVENT_NAME_LEN_MAX + 1;
-		}
+		} else if (strcmp(td->fields[i]->field_id, "n") == 0 &&
+			   datalen < IMA_EVENT_NAME_LEN_MAX + 1)
+			padlen = IMA_EVENT_NAME_LEN_MAX + 1 - datalen;
+
 		rc = crypto_shash_update(shash, data_to_hash, datalen);
 		if (rc)
 			break;
+
+		if (padlen) {
+			const u8 *zero = page_address(ZERO_PAGE(0));
+
+			rc = crypto_shash_update(shash, zero, padlen);
+			if (rc)
+				break;
+		}
 	}
 
 	if (!rc)
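
Review bot: In the new else-if branch, padlen is only set when datalen < IMA_EVENT_NAME_LEN_MAX + 1, so an "n" field at or above that length is now hashed at its full datalen with no padding, whereas the removed code always hashed exactly IMA_EVENT_NAME_LEN_MAX + 1 bytes (after an unchecked memcpy of datalen bytes into the fixed-size buffer). The commit message should state whether such a length can reach this function and that the digest input differs in that case, or the code should clamp datalen so the hashed length stays fixed. Style point on the same branch: the preceding if body is braced, so the multi-line else-if body that assigns padlen should be braced as well.
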
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
