lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <0EA9C088-D1B1-4E6E-B42F-EFE9C69D1005@linux.dev>
Date: Sun, 23 Nov 2025 18:00:01 +0100
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: david laight <david.laight@...box.com>
Cc: Eric Biggers <ebiggers@...nel.org>,
 "Jason A. Donenfeld" <Jason@...c4.com>,
 Ard Biesheuvel <ardb@...nel.org>,
 linux-crypto@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] lib/crypto: blake2b: Limit frame size workaround to GCC <
 12.2 on i386

On 23. Nov 2025, at 10:28, david laight wrote:
> On Sat, 22 Nov 2025 11:55:31 +0100
> Thorsten Blum <thorsten.blum@...ux.dev> wrote:
> 
>> The GCC bug only occurred on i386 and has been resolved since GCC 12.2.
>> Limit the frame size workaround to GCC < 12.2 on i386.
>> 
>> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
>> ---
>> lib/crypto/Makefile | 4 ++++
>> 1 file changed, 4 insertions(+)
>> 
>> diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
>> index b5346cebbb55..5ee36a231484 100644
>> --- a/lib/crypto/Makefile
>> +++ b/lib/crypto/Makefile
>> @@ -33,7 +33,11 @@ obj-$(CONFIG_CRYPTO_LIB_GF128MUL) += gf128mul.o
>> 
>> obj-$(CONFIG_CRYPTO_LIB_BLAKE2B) += libblake2b.o
>> libblake2b-y := blake2b.o
>> +ifeq ($(CONFIG_X86_32),y)
>> +ifeq ($(CONFIG_CC_IS_GCC)_$(call gcc-min-version, 120200),y_)
>> CFLAGS_blake2b.o := -Wframe-larger-than=4096 #  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930
>> +endif # CONFIG_CC_IS_GCC
>> +endif # CONFIG_X86_32
> 
> Isn't that just going to cause a run-time stack overflow?

My change doesn't cause a runtime stack overflow, it's just a compiler
warning. There's more information in commit 1d3551ced64e ("crypto:
blake2b: effectively disable frame size warning").

Given the kernel test robot results with GCC 15.1.0 on m68k, we should
probably make this conditional on GCC (any version). Clang produces much
smaller stack frames and should be fine with the default warning
threshold.

I'll send a v2.

Thanks,
Thorsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ