From: Lukas Wunner <lukas@wunner.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
Andrew Morton <akpm@linux-foundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Ignat Korchagin <ignat@linux.win>,
Stefan Berger <stefanb@linux.ibm.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: Re: [PATCH] crypto: ecc - Unbreak the build on arm with CONFIG_KASAN_STACK=y
Date: Wed, 6 May 2026 15:41:21 +0200 [thread overview]
Message-ID: <aftFAexDFrYbIeBM@wunner.de> (raw)
In-Reply-To: <afms-fn-mpwJPfa-@gondor.apana.org.au>
On Tue, May 05, 2026 at 04:40:25PM +0800, Herbert Xu wrote:
> On Wed, Apr 08, 2026 at 08:15:49AM +0200, Lukas Wunner wrote:
> > Andrew reports the following build breakage of arm allmodconfig,
> > reproducible with gcc 14.2.0 and 15.2.0:
> >
> > crypto/ecc.c: In function 'ecc_point_mult':
> > crypto/ecc.c:1380:1: error: the frame size of 1360 bytes is larger than 1280 bytes [-Werror=frame-larger-than=]
> >
> > gcc excessively inlines functions called by ecc_point_mult() (without
> > there being any explicit inline declarations) and doesn't seem smart
> > enough to stay below CONFIG_FRAME_WARN.
> >
> > clang does not exhibit the issue.
> >
> > The issue only occurs with CONFIG_KASAN_STACK=y because it enlarges the
> > frame size. This has been a controversial topic a couple of times:
> >
> > https://lore.kernel.org/r/CAK8P3a3_Tdc-XVPXrJ69j3S9048uzmVJGrNcvi0T6yr6OrHkPw@mail.gmail.com/
> >
> > Prevent gcc from going overboard with inlining to unbreak the build.
> > The maximum inline limit to avoid the error is 101. Use 100 to get a
> > nice round number per Andrew's preference.
> >
> > Reported-by: Andrew Morton <akpm@linux-foundation.org> # off-list
> > Signed-off-by: Lukas Wunner <lukas@wunner.de>
> > ---
> > crypto/Makefile | 5 +++++
> > 1 file changed, 5 insertions(+)
>
> Patch applied. Thanks.
My apologies Herbert, I was working on a v2 for this patch
but unfortunately didn't finish it until today:
https://lore.kernel.org/r/7e3d64a53efb28740b32d1f934e78c10086208ab.1778073318.git.lukas@wunner.de/
Would it be possible for you to replace the patch you've already applied
with the new one? I am very sorry for the hassle.
Since submitting v1, I've opened a gcc bug to get feedback from gcc
maintainers. They're acknowledging a missing optimization here but
believe that a warning switch such as -Werror=frame-larger-than=1280
should never affect code generation, even if it is promoted to an
error. Basically if the user is asking to be warned but gcc inlines
beyond the limit, the user gets to keep the pieces:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124949
I took a closer look at the ECC point multiplication algorithm used,
it's relatively memory intensive because it uses co-Z addition as a
speedup:
https://eprint.iacr.org/2011/338.pdf
The algorithm is susceptible to timing attacks. Newer constant time
Montgomery ladder algorithms are not, use less memory (thus likely
avoiding the high stack usage warning) but are not as fast. I think
that's the proper longterm solution for this problem:
https://eprint.iacr.org/2020/956.pdf
In v2, I've amended the commit message with all that extra information
and I've also taken Nathan's review comments into account.
Thanks,
Lukas
prev parent reply other threads:[~2026-05-06 13:41 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-08 6:15 [PATCH] crypto: ecc - Unbreak the build on arm with CONFIG_KASAN_STACK=y Lukas Wunner
2026-04-08 11:31 ` Andy Shevchenko
2026-04-08 13:36 ` Lukas Wunner
2026-04-08 14:32 ` Andy Shevchenko
2026-04-13 15:42 ` Arnd Bergmann
2026-04-13 19:46 ` Lukas Wunner
2026-04-13 20:32 ` Arnd Bergmann
2026-04-14 4:57 ` Lukas Wunner
2026-04-14 10:26 ` David Laight
2026-04-08 20:57 ` Nathan Chancellor
2026-05-05 8:40 ` Herbert Xu
2026-05-06 13:41 ` Lukas Wunner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aftFAexDFrYbIeBM@wunner.de \
--to=lukas@wunner.de \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=ignat@linux.win \
--cc=kasan-dev@googlegroups.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ryabinin.a.a@gmail.com \
--cc=stefanb@linux.ibm.com \
--cc=vincenzo.frascino@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox