lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202407200940.ABE5F65@keescook>
Date: Sat, 20 Jul 2024 09:42:18 -0700
From: Kees Cook <kees@...nel.org>
To: Jinjie Ruan <ruanjinjie@...wei.com>
Cc: chenhuacai@...nel.org, kernel@...0n.name, gustavoars@...nel.org,
	arnd@...db.de, maobibo@...ngson.cn, loongarch@...ts.linux.dev,
	linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] loongarch: Support RANDOMIZE_KSTACK_OFFSET

On Sat, Jul 20, 2024 at 10:52:06AM +0800, Jinjie Ruan wrote:
> 
> 
> On 2024/7/20 0:01, Kees Cook wrote:
> > On Fri, Jul 19, 2024 at 11:14:27AM +0800, Jinjie Ruan wrote:
> >> Add support of kernel stack offset randomization while handling syscall,
> >> the offset is defaultly limited by KSTACK_OFFSET_MAX().
> >>
> >> In order to avoid trigger stack canaries (due to __builtin_alloca) and
> >> slowing down the entry path, use __no_stack_protector attribute to
> >> disable stack protector for do_syscall() at function level.
> >>
> >> With this patch, the REPORT_STACK test show that:
> >> 	`loongarch64 bits of stack entropy: 7`
> > 
> > I suspect this will report the correct "6" after now that this commit
> > has landed:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=872bb37f6829d4f7f3ed5afe2786add3d4384b4b
> 
> Hi, Kees
> 
> I noticed your patch, and I reconfirm that I have updated to the latest
> mainline and that your patch is in the code.
> 
> However,the following REPORT_STACK test of your below script has the
> same result (run multiple times).
> 
> And riscv64, arm64, x86 also has the 7 bit  of stack entropy.

Okay, thanks for checking! I may go take a closer look if I have time.
It'd only be a problem if the distribution isn't sufficiently even.

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ