From: Arnd Bergmann <arnd@arndb.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Arnd Bergmann <arnd@arndb.de>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
clang-built-linux@googlegroups.com
Subject: [PATCH] crypto: curve25519-hacl64 - Disable fortify-source for clang-10
Date: Tue, 5 May 2020 15:59:34 +0200 [thread overview]
Message-ID: <20200505135947.216022-1-arnd@arndb.de> (raw)
clang-10 produces a warning about excessive stack usage, as well
as rather unoptimized object code when CONFIG_FORTIFY_SOURCE is
set:
lib/crypto/curve25519-hacl64.c:759:6: error: stack frame size of 2400 bytes in function 'curve25519_generic' [-Werror,-Wframe-larger-than=]
Jason Donenfeld managed to track this down to the usage of
CONFIG_FORTIFY_SOURCE, and I found a minimal test case that illustrates
this happening on clang-10 but not clang-9 or clang-11.
To work around this, turn off fortification in this file.
Link: https://bugs.llvm.org/show_bug.cgi?id=45802
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
lib/crypto/curve25519-hacl64.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/crypto/curve25519-hacl64.c b/lib/crypto/curve25519-hacl64.c
index c7de61829a66..87adeb4f9276 100644
--- a/lib/crypto/curve25519-hacl64.c
+++ b/lib/crypto/curve25519-hacl64.c
@@ -10,6 +10,10 @@
* integer types.
*/
+#if (CONFIG_CLANG_VERSION >= 100000) && (CONFIG_CLANG_VERSION < 110000)
+#define __NO_FORTIFY /* https://bugs.llvm.org/show_bug.cgi?id=45802 */
+#endif
+
#include <asm/unaligned.h>
#include <crypto/curve25519.h>
#include <linux/string.h>
--
2.26.0
next reply other threads:[~2020-05-05 14:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-05 13:59 Arnd Bergmann [this message]
2020-05-05 21:39 ` [PATCH] crypto: curve25519-hacl64 - Disable fortify-source for clang-10 Jason A. Donenfeld
2020-05-05 21:48 ` Nick Desaulniers
2020-05-05 21:49 ` Jason A. Donenfeld
2020-05-05 21:55 ` [PATCH] Kbuild: disable FORTIFY_SOURCE on clang-10 Jason A. Donenfeld
2020-05-05 22:02 ` Nick Desaulniers
2020-05-05 22:25 ` Nathan Chancellor
2020-05-05 22:37 ` George Burgess IV
2020-05-05 22:37 ` Jason A. Donenfeld
2020-05-05 23:19 ` Kees Cook
2020-05-05 23:22 ` Jason A. Donenfeld
2020-05-05 23:22 ` Jason A. Donenfeld
2020-05-05 23:36 ` Nick Desaulniers
2020-05-06 2:53 ` Kees Cook
2020-05-06 0:14 ` [PATCH v2] security: disable FORTIFY_SOURCE on clang Jason A. Donenfeld
2020-05-06 0:57 ` Nick Desaulniers
2020-05-06 2:54 ` Kees Cook
2020-05-06 3:34 ` Jason A. Donenfeld
2020-05-06 3:53 ` Nathan Chancellor
2020-05-06 16:48 ` George Burgess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200505135947.216022-1-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=clang-built-linux@googlegroups.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).