From ff83f11b805997ba95b3e9cb892059430f4105f4 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 17 Oct 2025 09:13:02 +0200 Subject: [PATCH] 6.1-stable patches added patches: lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch --- ...isable-kasan-with-clang-17-and-older.patch | 67 +++++++++++++++++++ queue-6.1/series | 1 + 2 files changed, 68 insertions(+) create mode 100644 queue-6.1/lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch diff --git a/queue-6.1/lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch b/queue-6.1/lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch new file mode 100644 index 0000000000..78189b1462 --- /dev/null +++ b/queue-6.1/lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch @@ -0,0 +1,67 @@ +From 2f13daee2a72bb962f5fd356c3a263a6f16da965 Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Mon, 9 Jun 2025 15:45:20 -0700 +Subject: lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older + +From: Nathan Chancellor + +commit 2f13daee2a72bb962f5fd356c3a263a6f16da965 upstream. + +After commit 6f110a5e4f99 ("Disable SLUB_TINY for build testing"), which +causes CONFIG_KASAN to be enabled in allmodconfig again, arm64 +allmodconfig builds with clang-17 and older show an instance of +-Wframe-larger-than (which breaks the build with CONFIG_WERROR=y): + + lib/crypto/curve25519-hacl64.c:757:6: error: stack frame size (2336) exceeds limit (2048) in 'curve25519_generic' [-Werror,-Wframe-larger-than] + 757 | void curve25519_generic(u8 mypublic[CURVE25519_KEY_SIZE], + | ^ + +When KASAN is disabled, the stack usage is roughly quartered: + + lib/crypto/curve25519-hacl64.c:757:6: error: stack frame size (608) exceeds limit (128) in 'curve25519_generic' [-Werror,-Wframe-larger-than] + 757 | void curve25519_generic(u8 mypublic[CURVE25519_KEY_SIZE], + | ^ + +Using '-Rpass-analysis=stack-frame-layout' shows the following variables +and many, many 8-byte spills when KASAN is enabled: + + Offset: [SP-144], Type: Variable, Align: 8, Size: 40 + Offset: [SP-464], Type: Variable, Align: 8, Size: 320 + Offset: [SP-784], Type: Variable, Align: 8, Size: 320 + Offset: [SP-864], Type: Variable, Align: 32, Size: 80 + Offset: [SP-896], Type: Variable, Align: 32, Size: 32 + Offset: [SP-1016], Type: Variable, Align: 8, Size: 120 + +When KASAN is disabled, there are still spills but not at many and the +variables list is smaller: + + Offset: [SP-192], Type: Variable, Align: 32, Size: 80 + Offset: [SP-224], Type: Variable, Align: 32, Size: 32 + Offset: [SP-344], Type: Variable, Align: 8, Size: 120 + +Disable KASAN for this file when using clang-17 or older to avoid +blowing out the stack, clearing up the warning. + +Signed-off-by: Nathan Chancellor +Acked-by: "Jason A. Donenfeld" +Acked-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20250609-curve25519-hacl64-disable-kasan-clang-v1-1-08ea0ac5ccff@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman +--- + lib/crypto/Makefile | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/lib/crypto/Makefile ++++ b/lib/crypto/Makefile +@@ -25,6 +25,10 @@ obj-$(CONFIG_CRYPTO_LIB_CURVE25519_GENER + libcurve25519-generic-y := curve25519-fiat32.o + libcurve25519-generic-$(CONFIG_ARCH_SUPPORTS_INT128) := curve25519-hacl64.o + libcurve25519-generic-y += curve25519-generic.o ++# clang versions prior to 18 may blow out the stack with KASAN ++ifeq ($(call clang-min-version, 180000),) ++KASAN_SANITIZE_curve25519-hacl64.o := n ++endif + + obj-$(CONFIG_CRYPTO_LIB_CURVE25519) += libcurve25519.o + libcurve25519-y += curve25519.o diff --git a/queue-6.1/series b/queue-6.1/series index 2c50a38a66..f9367734a4 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -132,3 +132,4 @@ ext4-correctly-handle-queries-for-metadata-mappings.patch ext4-guard-against-ea-inode-refcount-underflow-in-xattr-update.patch acpica-allow-to-skip-global-lock-initialization.patch ext4-free-orphan-info-with-kvfree.patch +lib-crypto-curve25519-hacl64-disable-kasan-with-clang-17-and-older.patch -- 2.47.3