Re: lib/crypto/chacha.c:65:1: warning: the frame size of 1604 bytes is larger than 1024 bytes

[Kees Cook]

On Thu, Aug 27, 2020 at 12:02:12PM -0700, Linus Torvalds wrote:
> On Thu, Aug 27, 2020 at 11:42 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > Do you mean you checked both gcc and clang and it was only a problem with gcc?
> 
> I didn't check with clang, but Arnd claimed it was fine.
> 
> > (If so, I can tweak the "depends" below...)
> 
> Ugh.
> 
> Instead of making the Makefile even uglier, why don't you just make
> this all be done in the Kconfig.
> 
> Also, I'm not seeing the point of your patch. You didn't actually
> change anything, you just made a new config variable with the same
> semantics as the old one.

Hmm? Yeah it did: it disallowed CONFIG_COMPILE_TEST, which you said was
the missing piece, I thought? (It's hardly the first time COMPILE_TEST
has collided unhappily with *SAN-ish things.)

> All of this should be thrown out, and this code should use the proper
> patterns for configuration entries in the Makefile, ie just
> 
>   ubsan-cflags-$(CONFIG_UBSAN_OBJECT_SIZE) += -fsanitize=object-size

Yeah, that would be a better pattern for sure.

> and the Kconfig file is the thing that should check if that CC option
> exists with
> 
>   config UBSAN_OBJECT_SIZE
>         bool "Check for accesses beyond known object sizes"
>         default UBSAN
>         depends on CLANG  # gcc makes a mess of it
>         depends on $(cc-option,-fsanitize-coverage=trace-pc)

Yup, for sure. I've only recently started poking at the ubsan stuff. I
can clean it up better.

> Doesn't that all look much cleaner?

Yup!

-- 
Kees Cook