lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251123211317.GA3667167@ax162>
Date: Sun, 23 Nov 2025 14:13:17 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Eric Biggers <ebiggers@...nel.org>,
	"Jason A. Donenfeld" <Jason@...c4.com>,
	Ard Biesheuvel <ardb@...nel.org>,
	Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
	Bill Wendling <morbo@...gle.com>,
	Justin Stitt <justinstitt@...gle.com>, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2] lib/crypto: blake2b: Limit frame size workaround to
 GCC

On Sun, Nov 23, 2025 at 07:25:17PM +0100, Thorsten Blum wrote:
> The GCC regression only affected i386 and has been fixed since GCC 12.2.
> However, modern GCC versions still generate large stack frames on other
> architectures (e.g., 3440 bytes for blake2b_compress_generic() on m68k
> with GCC 15.1.0). Clang handles these functions efficiently and should
> work fine with the default warning threshold.
> 
> Limit the frame size workaround to GCC only.
> 
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>

Since the below comments are mostly nits:

Reviewed-by: Nathan Chancellor <nathan@...nel.org>

> ---
> Changes in v2:
> - Restrict frame size workaround to GCC independent of its version or
>   the architecture
> - Update patch title and description
> - Link to v1: https://lore.kernel.org/lkml/20251122105530.441350-2-thorsten.blum@linux.dev/
> ---
>  lib/crypto/Makefile | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
> index b5346cebbb55..95a48393ffb4 100644
> --- a/lib/crypto/Makefile
> +++ b/lib/crypto/Makefile
> @@ -33,7 +33,9 @@ obj-$(CONFIG_CRYPTO_LIB_GF128MUL)		+= gf128mul.o
>  
>  obj-$(CONFIG_CRYPTO_LIB_BLAKE2B) += libblake2b.o
>  libblake2b-y := blake2b.o
> +ifeq ($(CONFIG_CC_IS_GCC),y)

I tend to prefer

  ifdef CONFIG_CC_IS_GCC

when the symbol is bool since it is a little easier to understand.

It may be worth a comment about the warnings on other architectures to
help future travellers who may be tempted to remove this when the
fixed GCC version of that bug report becomes the minimum.

>  CFLAGS_blake2b.o := -Wframe-larger-than=4096 #  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930
> +endif # CONFIG_CC_IS_GCC

This conditional feels small enough that it does not need this marker
but I guess that is maintainer preference.

>  ifeq ($(CONFIG_CRYPTO_LIB_BLAKE2B_ARCH),y)
>  CFLAGS_blake2b.o += -I$(src)/$(SRCARCH)
>  libblake2b-$(CONFIG_ARM) += arm/blake2b-neon-core.o
> -- 
> 2.51.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ