[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202407200940.ABE5F65@keescook>
Date: Sat, 20 Jul 2024 09:42:18 -0700
From: Kees Cook <kees@...nel.org>
To: Jinjie Ruan <ruanjinjie@...wei.com>
Cc: chenhuacai@...nel.org, kernel@...0n.name, gustavoars@...nel.org,
arnd@...db.de, maobibo@...ngson.cn, loongarch@...ts.linux.dev,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] loongarch: Support RANDOMIZE_KSTACK_OFFSET
On Sat, Jul 20, 2024 at 10:52:06AM +0800, Jinjie Ruan wrote:
>
>
> On 2024/7/20 0:01, Kees Cook wrote:
> > On Fri, Jul 19, 2024 at 11:14:27AM +0800, Jinjie Ruan wrote:
> >> Add support of kernel stack offset randomization while handling syscall,
> >> the offset is defaultly limited by KSTACK_OFFSET_MAX().
> >>
> >> In order to avoid trigger stack canaries (due to __builtin_alloca) and
> >> slowing down the entry path, use __no_stack_protector attribute to
> >> disable stack protector for do_syscall() at function level.
> >>
> >> With this patch, the REPORT_STACK test show that:
> >> `loongarch64 bits of stack entropy: 7`
> >
> > I suspect this will report the correct "6" after now that this commit
> > has landed:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=872bb37f6829d4f7f3ed5afe2786add3d4384b4b
>
> Hi, Kees
>
> I noticed your patch, and I reconfirm that I have updated to the latest
> mainline and that your patch is in the code.
>
> However,the following REPORT_STACK test of your below script has the
> same result (run multiple times).
>
> And riscv64, arm64, x86 also has the 7 bit of stack entropy.
Okay, thanks for checking! I may go take a closer look if I have time.
It'd only be a problem if the distribution isn't sufficiently even.
-Kees
--
Kees Cook
Powered by blists - more mailing lists