On Thu, Aug 27, 2020 at 1:51 PM Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, Aug 27, 2020 at 12:41:53PM +0200, Ard Biesheuvel wrote:
> >
> > That does not help, unfortunately.
> >
> > What does seem to work is
> >
> > struct chacha_state { u32 x[16]; };
> >
> > struct chacha_state chacha_permute(struct chacha_state st, int nrounds)
>
> Passing 64 bytes by value is not good.
>

Passing struct chacha_state as a pointer doesn't work either. Marking the function as __always_inline avoids the problem, as it lets the compiler see the issue, but seems to produce somewhat worse object code.

I also tested with clang-11, which supports both -fsanitize-bounds and -fprofile-arcs but only needs 8 bytes of stack for this function.

One more data point: I looked at the actual object code and found that neither -fprofile-arcs nor -fsanitize-bounds has a noticeable impact on the object code output by themselves (aside from not leading to the warning, as you already mentioned).

I would conclude that there is an actual problem with gcc here.

Arnd
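The two chacha_permute signatures discussed in the thread (state passed by pointer versus the 64-byte struct passed and returned by value), written out as an added example; this is not code from the thread or from the kernel's ChaCha implementation. It assumes the standard ChaCha round structure from RFC 8439, and the state used by the comparison helper is a constructed input, not a published test vector.

```c
#include <stdint.h>
#include <string.h>

typedef uint32_t u32;
/* 16-word ChaCha state, the struct quoted in the thread */
struct chacha_state { u32 x[16]; };
static inline u32 rotl32(u32 v, int n) { return (v << n) | (v >> (32 - n)); }

/* One ChaCha quarter round (RFC 8439, section 2.1) */
void chacha_qr(u32 *a, u32 *b, u32 *c, u32 *d)
{
	*a += *b; *d ^= *a; *d = rotl32(*d, 16);
	*c += *d; *b ^= *c; *b = rotl32(*b, 12);
	*a += *b; *d ^= *a; *d = rotl32(*d, 8);
	*c += *d; *b ^= *c; *b = rotl32(*b, 7);
}

/* Pointer variant: the 64-byte state stays in the caller's frame */
void chacha_permute_ptr(struct chacha_state *st, int nrounds)
{
	u32 *x = st->x;
	for (int i = 0; i < nrounds; i += 2) {
		chacha_qr(&x[0], &x[4], &x[8], &x[12]);   /* column rounds */
		chacha_qr(&x[1], &x[5], &x[9], &x[13]);
		chacha_qr(&x[2], &x[6], &x[10], &x[14]);
		chacha_qr(&x[3], &x[7], &x[11], &x[15]);
		chacha_qr(&x[0], &x[5], &x[10], &x[15]);  /* diagonal rounds */
		chacha_qr(&x[1], &x[6], &x[11], &x[12]);
		chacha_qr(&x[2], &x[7], &x[8], &x[13]);
		chacha_qr(&x[3], &x[4], &x[9], &x[14]);
	}
}

/* By-value variant, the signature from the thread: 64 bytes are copied in
 * and 64 bytes copied back out, which is what the stack-size debate is about */
struct chacha_state chacha_permute(struct chacha_state st, int nrounds)
{
	chacha_permute_ptr(&st, nrounds);
	return st;
}

/* Returns 1 if both variants agree on a constructed (non-test-vector) state */
int chacha_permute_variants_agree(int nrounds)
{
	struct chacha_state a, b;
	for (int i = 0; i < 16; i++)
		a.x[i] = 0x01010101u * (u32)i ^ 0xdeadbeefu;
	b = a;
	chacha_permute_ptr(&a, nrounds);
	b = chacha_permute(b, nrounds);
	return memcmp(a.x, b.x, sizeof(a.x)) == 0;
}
```

Compiling this file with and without -fsanitize-bounds / -fprofile-arcs and comparing the frame sizes gcc reports for the two permute functions reproduces the kind of measurement the thread is about.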