From 4a1b0df1df97413a41e21c5afc4a1ee242c71ced Mon Sep 17 00:00:00 2001
From: Yash Bhatt <ybhatt@nvidia.com>
Date: Tue, 20 Aug 2024 13:23:53 +0000
Subject: [PATCH] crypto: Fix stack frame size exceeded error in fuzzing build

Enabling KASAN is causing stack frame size exceeded error in crypto
driver, Fix this by allocating struct get_ivc_db dynamically while
enabling KASAN for fuzzing build.

Bug 4615347

Change-Id: Ie1959b3c79c8ca2f31f79ea76aeb55490bd9917b
Signed-off-by: Yash Bhatt <ybhatt@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3196965
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
---
 drivers/crypto/tegra-nvvse-cryptodev.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/tegra-nvvse-cryptodev.c b/drivers/crypto/tegra-nvvse-cryptodev.c
index 63f9413a..085b0e06 100644
--- a/drivers/crypto/tegra-nvvse-cryptodev.c
+++ b/drivers/crypto/tegra-nvvse-cryptodev.c
@@ -1837,7 +1837,7 @@ static long tnvvse_crypto_dev_ioctl(struct file *filp,
 	struct tegra_nvvse_aes_drng_ctl *aes_drng_ctl;
 	struct tegra_nvvse_aes_gmac_init_ctl *aes_gmac_init_ctl;
 	struct tegra_nvvse_aes_gmac_sign_verify_ctl *aes_gmac_sign_verify_ctl;
-	struct tegra_nvvse_get_ivc_db get_ivc_db;
+	struct tegra_nvvse_get_ivc_db *get_ivc_db;
 	struct tegra_nvvse_tsec_get_keyload_status *tsec_keyload_status;
 	int ret = 0;
 
@@ -2106,18 +2106,27 @@ static long tnvvse_crypto_dev_ioctl(struct file *filp,
 		break;
 
 	case NVVSE_IOCTL_CMDID_GET_IVC_DB:
-		ret = tnvvse_crypto_get_ivc_db(&get_ivc_db);
+		get_ivc_db = kzalloc(sizeof(*get_ivc_db), GFP_KERNEL);
+		if (!get_ivc_db) {
+			pr_err("%s(): failed to allocate memory\n", __func__);
+			return -ENOMEM;
+		}
+
+		ret = tnvvse_crypto_get_ivc_db(get_ivc_db);
 		if (ret) {
 			pr_err("%s(): Failed to get ivc database get_ivc_db:%d\n", __func__, ret);
+			kfree(get_ivc_db);
 			goto out;
 		}
 
 		ret = copy_to_user((void __user *)arg, &ivc_database, sizeof(ivc_database));
 		if (ret) {
 			pr_err("%s(): Failed to copy_to_user ivc_database:%d\n", __func__, ret);
+			kfree(get_ivc_db);
 			goto out;
 		}
 
+		kfree(get_ivc_db);
 		break;
 
 	case NVVSE_IOCTL_CMDID_TSEC_SIGN_VERIFY: