On Mon, Jul 16, 2018 at 5:49 AM, Kees Cook <[email protected]> wrote: > The use of SKCIPHER_REQUEST_ON_STACK() will trigger FRAME_WARN warnings > (when less than 2048) once the VLA is no longer hidden from the check: > > net/rxrpc/rxkad.c:398:1: warning: the frame size of 1152 bytes is larger than > 1024 bytes [-Wframe-larger-than=] > net/rxrpc/rxkad.c:242:1: warning: the frame size of 1152 bytes is larger than > 1024 bytes [-Wframe-larger-than=] > > This passes the initial SKCIPHER_REQUEST_ON_STACK allocation to the leaf > functions for reuse. Two requests allocated on the stack are not needed > when only one is used at a time. > > Signed-off-by: Kees Cook <[email protected]>
This looks like a very nice solution to the problem. Acked-by: Arnd Bergmann <[email protected]> Since the large stack usage could already cause problems in older kernels, should this be backported to stable kernels as well? Arnd
