target/linux/generic/backport-5.4/080-wireguard-0028-crypto-lib-curve25519-work-around-Clang-stack-spilli.patch - T108 - Gitiles

 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Ard Biesheuvel <ardb@kernel.org>
 Date: Fri, 8 Nov 2019 13:22:35 +0100
 Subject: [PATCH] crypto: lib/curve25519 - work around Clang stack spilling
  issue

 commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream.

 Arnd reports that the 32-bit generic library code for Curve25119 ends
 up using an excessive amount of stack space when built with Clang:

   lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size
       of 1384 bytes in function 'curve25519_generic'
       [-Werror,-Wframe-larger-than=]

 Let's give some hints to the compiler regarding which routines should
 not be inlined, to prevent it from running out of registers and spilling
 to the stack. The resulting code performs identically under both GCC
 and Clang, and makes the warning go away.

 Suggested-by: Arnd Bergmann <arnd@arndb.de>
 Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 ---
  lib/crypto/curve25519-fiat32.c | 10 +++++-----
  1 file changed, 5 insertions(+), 5 deletions(-)

 --- a/lib/crypto/curve25519-fiat32.c
 +++ b/lib/crypto/curve25519-fiat32.c
 @@ -223,7 +223,7 @@ static __always_inline void fe_1(fe *h)
  	h->v[0] = 1;
  }

 -static void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
 +static noinline void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
  {
  	{ const u32 x20 = in1[9];
  	{ const u32 x21 = in1[8];
 @@ -266,7 +266,7 @@ static __always_inline void fe_add(fe_lo
  	fe_add_impl(h->v, f->v, g->v);
  }

 -static void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
 +static noinline void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
  {
  	{ const u32 x20 = in1[9];
  	{ const u32 x21 = in1[8];
 @@ -309,7 +309,7 @@ static __always_inline void fe_sub(fe_lo
  	fe_sub_impl(h->v, f->v, g->v);
  }

 -static void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
 +static noinline void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
  {
  	{ const u32 x20 = in1[9];
  	{ const u32 x21 = in1[8];
 @@ -441,7 +441,7 @@ fe_mul_tll(fe *h, const fe_loose *f, con
  	fe_mul_impl(h->v, f->v, g->v);
  }

 -static void fe_sqr_impl(u32 out[10], const u32 in1[10])
 +static noinline void fe_sqr_impl(u32 out[10], const u32 in1[10])
  {
  	{ const u32 x17 = in1[9];
  	{ const u32 x18 = in1[8];
 @@ -619,7 +619,7 @@ static __always_inline void fe_invert(fe
   *
   * Preconditions: b in {0,1}
   */
 -static __always_inline void fe_cswap(fe *f, fe *g, unsigned int b)
 +static noinline void fe_cswap(fe *f, fe *g, unsigned int b)
  {
  	unsigned i;
  	b = 0 - b;
	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	From: Ard Biesheuvel <ardb@kernel.org>
	Date: Fri, 8 Nov 2019 13:22:35 +0100
	Subject: [PATCH] crypto: lib/curve25519 - work around Clang stack spilling
	issue

	commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream.

	Arnd reports that the 32-bit generic library code for Curve25119 ends
	up using an excessive amount of stack space when built with Clang:

	lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size
	of 1384 bytes in function 'curve25519_generic'
	[-Werror,-Wframe-larger-than=]

	Let's give some hints to the compiler regarding which routines should
	not be inlined, to prevent it from running out of registers and spilling
	to the stack. The resulting code performs identically under both GCC
	and Clang, and makes the warning go away.

	Suggested-by: Arnd Bergmann <arnd@arndb.de>
	Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
	---
	lib/crypto/curve25519-fiat32.c \| 10 +++++-----
	1 file changed, 5 insertions(+), 5 deletions(-)

	--- a/lib/crypto/curve25519-fiat32.c
	+++ b/lib/crypto/curve25519-fiat32.c
	@@ -223,7 +223,7 @@ static __always_inline void fe_1(fe *h)
	h->v[0] = 1;
	}

	-static void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	+static noinline void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	{
	{ const u32 x20 = in1[9];
	{ const u32 x21 = in1[8];
	@@ -266,7 +266,7 @@ static __always_inline void fe_add(fe_lo
	fe_add_impl(h->v, f->v, g->v);
	}

	-static void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	+static noinline void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	{
	{ const u32 x20 = in1[9];
	{ const u32 x21 = in1[8];
	@@ -309,7 +309,7 @@ static __always_inline void fe_sub(fe_lo
	fe_sub_impl(h->v, f->v, g->v);
	}

	-static void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	+static noinline void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
	{
	{ const u32 x20 = in1[9];
	{ const u32 x21 = in1[8];
	@@ -441,7 +441,7 @@ fe_mul_tll(fe h, const fe_loose f, con
	fe_mul_impl(h->v, f->v, g->v);
	}

	-static void fe_sqr_impl(u32 out[10], const u32 in1[10])
	+static noinline void fe_sqr_impl(u32 out[10], const u32 in1[10])
	{
	{ const u32 x17 = in1[9];
	{ const u32 x18 = in1[8];
	@@ -619,7 +619,7 @@ static __always_inline void fe_invert(fe
	*
	* Preconditions: b in {0,1}
	*/
	-static __always_inline void fe_cswap(fe f, fe g, unsigned int b)
	+static noinline void fe_cswap(fe f, fe g, unsigned int b)
	{
	unsigned i;
	b = 0 - b;