| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Ard Biesheuvel <ardb@kernel.org> |
| 3 | Date: Fri, 8 Nov 2019 13:22:35 +0100 |
| 4 | Subject: [PATCH] crypto: lib/curve25519 - work around Clang stack spilling |
| 5 | issue |
| 6 | |
| 7 | commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream. |
| 8 | |
| 9 | Arnd reports that the 32-bit generic library code for Curve25119 ends |
| 10 | up using an excessive amount of stack space when built with Clang: |
| 11 | |
| 12 | lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size |
| 13 | of 1384 bytes in function 'curve25519_generic' |
| 14 | [-Werror,-Wframe-larger-than=] |
| 15 | |
| 16 | Let's give some hints to the compiler regarding which routines should |
| 17 | not be inlined, to prevent it from running out of registers and spilling |
| 18 | to the stack. The resulting code performs identically under both GCC |
| 19 | and Clang, and makes the warning go away. |
| 20 | |
| 21 | Suggested-by: Arnd Bergmann <arnd@arndb.de> |
| 22 | Signed-off-by: Ard Biesheuvel <ardb@kernel.org> |
| 23 | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| 24 | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> |
| 25 | --- |
| 26 | lib/crypto/curve25519-fiat32.c | 10 +++++----- |
| 27 | 1 file changed, 5 insertions(+), 5 deletions(-) |
| 28 | |
| 29 | --- a/lib/crypto/curve25519-fiat32.c |
| 30 | +++ b/lib/crypto/curve25519-fiat32.c |
| 31 | @@ -223,7 +223,7 @@ static __always_inline void fe_1(fe *h) |
| 32 | h->v[0] = 1; |
| 33 | } |
| 34 | |
| 35 | -static void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 36 | +static noinline void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 37 | { |
| 38 | { const u32 x20 = in1[9]; |
| 39 | { const u32 x21 = in1[8]; |
| 40 | @@ -266,7 +266,7 @@ static __always_inline void fe_add(fe_lo |
| 41 | fe_add_impl(h->v, f->v, g->v); |
| 42 | } |
| 43 | |
| 44 | -static void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 45 | +static noinline void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 46 | { |
| 47 | { const u32 x20 = in1[9]; |
| 48 | { const u32 x21 = in1[8]; |
| 49 | @@ -309,7 +309,7 @@ static __always_inline void fe_sub(fe_lo |
| 50 | fe_sub_impl(h->v, f->v, g->v); |
| 51 | } |
| 52 | |
| 53 | -static void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 54 | +static noinline void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10]) |
| 55 | { |
| 56 | { const u32 x20 = in1[9]; |
| 57 | { const u32 x21 = in1[8]; |
| 58 | @@ -441,7 +441,7 @@ fe_mul_tll(fe *h, const fe_loose *f, con |
| 59 | fe_mul_impl(h->v, f->v, g->v); |
| 60 | } |
| 61 | |
| 62 | -static void fe_sqr_impl(u32 out[10], const u32 in1[10]) |
| 63 | +static noinline void fe_sqr_impl(u32 out[10], const u32 in1[10]) |
| 64 | { |
| 65 | { const u32 x17 = in1[9]; |
| 66 | { const u32 x18 = in1[8]; |
| 67 | @@ -619,7 +619,7 @@ static __always_inline void fe_invert(fe |
| 68 | * |
| 69 | * Preconditions: b in {0,1} |
| 70 | */ |
| 71 | -static __always_inline void fe_cswap(fe *f, fe *g, unsigned int b) |
| 72 | +static noinline void fe_cswap(fe *f, fe *g, unsigned int b) |
| 73 | { |
| 74 | unsigned i; |
| 75 | b = 0 - b; |