[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <d02b4ddf-f686-4b53-af52-68762c38df94@app.fastmail.com>
Date: Thu, 20 Jun 2024 12:28:57 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Kees Cook" <kees@...nel.org>
Cc: "Yuntao Liu" <liuyuntao12@...wei.com>,
"Mark Rutland" <mark.rutland@....com>,
"Catalin Marinas" <catalin.marinas@....com>,
"Will Deacon" <will@...nel.org>, "Heiko Carstens" <hca@...ux.ibm.com>,
"Vasily Gorbik" <gor@...ux.ibm.com>,
"Alexander Gordeev" <agordeev@...ux.ibm.com>,
"Christian Borntraeger" <borntraeger@...ux.ibm.com>,
"Sven Schnelle" <svens@...ux.ibm.com>,
"Thomas Gleixner" <tglx@...utronix.de>, "Ingo Molnar" <mingo@...hat.com>,
"Borislav Petkov" <bp@...en8.de>,
"Dave Hansen" <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
"Paul Walmsley" <paul.walmsley@...ive.com>,
"Palmer Dabbelt" <palmer@...belt.com>,
"Albert Ou" <aou@...s.berkeley.edu>,
"Leonardo Bras" <leobras@...hat.com>,
"Claudio Imbrenda" <imbrenda@...ux.ibm.com>,
"Pawan Gupta" <pawan.kumar.gupta@...ux.intel.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-arm-kernel@...ts.infradead.org, linux-s390@...r.kernel.org,
linux-hardening@...r.kernel.org, linux-riscv@...ts.infradead.org
Subject: Re: [PATCH] randomize_kstack: Remove non-functional per-arch entropy filtering
On Wed, Jun 19, 2024, at 23:47, Kees Cook wrote:
> An unintended consequence of commit 9c573cd31343 ("randomize_kstack:
> Improve entropy diffusion") was that the per-architecture entropy size
> filtering reduced how many bits were being added to the mix, rather than
> how many bits were being used during the offsetting. All architectures
> fell back to the existing default of 0x3FF (10 bits), which will consume
> at most 1KiB of stack space. It seems that this is working just fine,
> so let's avoid the confusion and update everything to use the default.
>
> The prior intent of the per-architecture limits were:
>
> arm64: capped at 0x1FF (9 bits), 5 bits effective
> powerpc: uncapped (10 bits), 6 or 7 bits effective
> riscv: uncapped (10 bits), 6 bits effective
> x86: capped at 0xFF (8 bits), 5 (x86_64) or 6 (ia32) bits effective
> s390: capped at 0xFF (8 bits), undocumented effective entropy
>
> Current discussion has led to just dropping the original per-architecture
> filters. The additional entropy appears to be safe for arm64, x86,
> and s390. Quoting Arnd, "There is no point pretending that 15.75KB is
> somehow safe to use while 15.00KB is not."
>
> Co-developed-by: Yuntao Liu <liuyuntao12@...wei.com>
> Signed-off-by: Yuntao Liu <liuyuntao12@...wei.com>
> Fixes: 9c573cd31343 ("randomize_kstack: Improve entropy diffusion")
> Link: https://lore.kernel.org/r/20240617133721.377540-1-liuyuntao12@huawei.com
> Signed-off-by: Kees Cook <kees@...nel.org>
Reviewed-by: Arnd Bergmann <arnd@...db.de>
Powered by blists - more mailing lists