[PATCH] crypto: ecc - Unbreak the build on arm with CONFIG_KASAN_STACK=y
0 views
Skip to first unread message
Lukas Wunner
Apr 8, 2026, 2:16:09 AM (2 days ago) Apr 8
to Herbert Xu, David S. Miller, Andrew Morton, Arnd Bergmann, Andrey Ryabinin, Ignat Korchagin, Stefan Berger, linux-...@vger.kernel.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Andy Shevchenko
Andrew reports the following build breakage of arm allmodconfig,
reproducible with gcc 14.2.0 and 15.2.0:
crypto/ecc.c: In function 'ecc_point_mult':
crypto/ecc.c:1380:1: error: the frame size of 1360 bytes is larger than 1280 bytes [-Werror=frame-larger-than=]
gcc excessively inlines functions called by ecc_point_mult() (without
there being any explicit inline declarations) and doesn't seem smart
enough to stay below CONFIG_FRAME_WARN.
clang does not exhibit the issue.
The issue only occurs with CONFIG_KASAN_STACK=y because it enlarges the
frame size. This has been a controversial topic a couple of times:
https://lore.kernel.org/r/CAK8P3a3_Tdc-XVPXrJ69j3S9...@mail.gmail.com/
Prevent gcc from going overboard with inlining to unbreak the build.
The maximum inline limit to avoid the error is 101. Use 100 to get a
nice round number per Andrew's preference.
Reported-by: Andrew Morton <ak...@linux-foundation.org> # off-list
Signed-off-by: Lukas Wunner <lu...@wunner.de>
---
crypto/Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/Makefile b/crypto/Makefile
index 04e269117589..b3ac7f29153e 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -181,6 +181,11 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o
obj-$(CONFIG_CRYPTO_ECC) += ecc.o
obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
+# Avoid exceeding stack frame due to excessive gcc inlining in ecc_point_mult()
+ifeq ($(ARCH)$(CONFIG_KASAN_STACK)$(LLVM),army)
+CFLAGS_ecc.o += $(call cc-option,-finline-limit=100)
+endif
+
ecdh_generic-y += ecdh.o
ecdh_generic-y += ecdh_helper.o
obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o
--
2.51.0
reproducible with gcc 14.2.0 and 15.2.0:
crypto/ecc.c: In function 'ecc_point_mult':
crypto/ecc.c:1380:1: error: the frame size of 1360 bytes is larger than 1280 bytes [-Werror=frame-larger-than=]
gcc excessively inlines functions called by ecc_point_mult() (without
there being any explicit inline declarations) and doesn't seem smart
enough to stay below CONFIG_FRAME_WARN.
clang does not exhibit the issue.
The issue only occurs with CONFIG_KASAN_STACK=y because it enlarges the
frame size. This has been a controversial topic a couple of times:
https://lore.kernel.org/r/CAK8P3a3_Tdc-XVPXrJ69j3S9...@mail.gmail.com/
Prevent gcc from going overboard with inlining to unbreak the build.
The maximum inline limit to avoid the error is 101. Use 100 to get a
nice round number per Andrew's preference.
Reported-by: Andrew Morton <ak...@linux-foundation.org> # off-list
Signed-off-by: Lukas Wunner <lu...@wunner.de>
---
crypto/Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/Makefile b/crypto/Makefile
index 04e269117589..b3ac7f29153e 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -181,6 +181,11 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o
obj-$(CONFIG_CRYPTO_ECC) += ecc.o
obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
+# Avoid exceeding stack frame due to excessive gcc inlining in ecc_point_mult()
+ifeq ($(ARCH)$(CONFIG_KASAN_STACK)$(LLVM),army)
+CFLAGS_ecc.o += $(call cc-option,-finline-limit=100)
+endif
+
ecdh_generic-y += ecdh.o
ecdh_generic-y += ecdh_helper.o
obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o
--
2.51.0
Andy Shevchenko
Apr 8, 2026, 7:31:29 AM (2 days ago) Apr 8
to Lukas Wunner, Herbert Xu, David S. Miller, Andrew Morton, Arnd Bergmann, Andrey Ryabinin, Ignat Korchagin, Stefan Berger, linux-...@vger.kernel.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino
On Wed, Apr 08, 2026 at 08:15:49AM +0200, Lukas Wunner wrote:
> Andrew reports the following build breakage of arm allmodconfig,
> reproducible with gcc 14.2.0 and 15.2.0:
>
> crypto/ecc.c: In function 'ecc_point_mult':
> crypto/ecc.c:1380:1: error: the frame size of 1360 bytes is larger than 1280 bytes [-Werror=frame-larger-than=]
>
> gcc excessively inlines functions called by ecc_point_mult() (without
> there being any explicit inline declarations) and doesn't seem smart
> enough to stay below CONFIG_FRAME_WARN.
>
> clang does not exhibit the issue.
>
> The issue only occurs with CONFIG_KASAN_STACK=y because it enlarges the
> frame size. This has been a controversial topic a couple of times:
>
> https://lore.kernel.org/r/CAK8P3a3_Tdc-XVPXrJ69j3S9...@mail.gmail.com/
>
> Prevent gcc from going overboard with inlining to unbreak the build.
> The maximum inline limit to avoid the error is 101. Use 100 to get a
> nice round number per Andrew's preference.
I think this is not the best solution. We still can refactor the code and avoid
> Andrew reports the following build breakage of arm allmodconfig,
> reproducible with gcc 14.2.0 and 15.2.0:
>
> crypto/ecc.c: In function 'ecc_point_mult':
> crypto/ecc.c:1380:1: error: the frame size of 1360 bytes is larger than 1280 bytes [-Werror=frame-larger-than=]
>
> gcc excessively inlines functions called by ecc_point_mult() (without
> there being any explicit inline declarations) and doesn't seem smart
> enough to stay below CONFIG_FRAME_WARN.
>
> clang does not exhibit the issue.
>
> The issue only occurs with CONFIG_KASAN_STACK=y because it enlarges the
> frame size. This has been a controversial topic a couple of times:
>
> https://lore.kernel.org/r/CAK8P3a3_Tdc-XVPXrJ69j3S9...@mail.gmail.com/
>
> Prevent gcc from going overboard with inlining to unbreak the build.
> The maximum inline limit to avoid the error is 101. Use 100 to get a
> nice round number per Andrew's preference.
being dependant to the (useful) kernel options.
--
With Best Regards,
Andy Shevchenko
Lukas Wunner
Apr 8, 2026, 9:36:50 AM (2 days ago) Apr 8
to Andy Shevchenko, Herbert Xu, David S. Miller, Andrew Morton, Arnd Bergmann, Andrey Ryabinin, Ignat Korchagin, Stefan Berger, linux-...@vger.kernel.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino
performance for everyone.
Note that this is a different kind of stack frame exhaustion than the one
in drivers/mtd/chips/cfi_cmdset_0001.c:do_write_buffer(): The latter
is a single function with lots of large local variables, whereas
ecc_point_mult() itself has a reasonable number of variables on the stack,
but gcc inlines numerous function calls that each increase the stack frame.
And gcc isn't smart enough to stop inlining when it reaches the maximum
stack frame size allowed by CONFIG_FRAME_WARN.
It's apparently a compiler bug. Why should we work around compiler bugs
by refactoring the code? The proposed patch instructs gcc to limit
inlining and we can easily remove that once the bug is fixed.
As Arnd explains in the above-linked message, stack frame exhaustion
in crypto/ tends to be caused by compiler bugs. There are already two
other workarounds for compiler bugs in crypto/Makefile, one for wp512.o
and another for serpent_generic.o. Amending CFLAGS is how we've dealt
with these issues in the past, not by refactoring code.
Thanks,
Lukas
Andy Shevchenko
Apr 8, 2026, 10:32:54 AM (2 days ago) Apr 8
to Lukas Wunner, Herbert Xu, David S. Miller, Andrew Morton, Arnd Bergmann, Andrey Ryabinin, Ignat Korchagin, Stefan Berger, linux-...@vger.kernel.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino
> And gcc isn't smart enough to stop inlining when it reaches the maximum
> stack frame size allowed by CONFIG_FRAME_WARN.
>
> It's apparently a compiler bug. Why should we work around compiler bugs
> by refactoring the code? The proposed patch instructs gcc to limit
> inlining and we can easily remove that once the bug is fixed.
>
> As Arnd explains in the above-linked message, stack frame exhaustion
> in crypto/ tends to be caused by compiler bugs. There are already two
> other workarounds for compiler bugs in crypto/Makefile, one for wp512.o
> and another for serpent_generic.o. Amending CFLAGS is how we've dealt
> with these issues in the past, not by refactoring code.
Acked-by: Andy Shevchenko <andriy.s...@linux.intel.com>
Nathan Chancellor
Apr 8, 2026, 4:57:54 PM (2 days ago) Apr 8
to Lukas Wunner, Herbert Xu, David S. Miller, Andrew Morton, Arnd Bergmann, Andrey Ryabinin, Ignat Korchagin, Stefan Berger, linux-...@vger.kernel.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Andy Shevchenko
On Wed, Apr 08, 2026 at 08:15:49AM +0200, Lukas Wunner wrote:
ifeq ($(CONFIG_ARM)$(CONFIG_KASAN_STACK)$(CONFIG_CC_IS_GCC),yyy)
Which is both more robust, as $(LLVM) may not be set but CC=clang could
be, and it is clearer (in my opinion). If all supported versions of GCC
support this flag, you could drop the cc-option at that point.
Reply all
Reply to author
Forward
0 new messages