Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support

From: Kees Cook
Date: Mon Mar 29 2021 - 14:44:30 EST

Next message: Matthew Wilcox: "Re: [PATCH] mm: change size_t to unsigned int for cma_alloc"
Previous message: David Sterba: "Re: [PATCH v2] btrfs: fix a potential hole-punching failure"
In reply to: Thomas Gleixner: "Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 28, 2021 at 04:18:56PM +0200, Thomas Gleixner wrote:
> On Fri, Mar 19 2021 at 14:28, Kees Cook wrote:
> > +
> > + /*
> > + * x86_64 stack alignment means 3 bits are ignored, so keep
> > + * the top 5 bits. x86_32 needs only 2 bits of alignment, so
> > + * the top 6 bits will be used.
> > + */
> > + choose_random_kstack_offset(rdtsc() & 0xFF);
>
> Comment mumbles about 5/6 bits and the TSC value is masked with 0xFF and
> then the applied offset is itself limited with 0x3FF.
>
> Too many moving parts for someone who does not have the details of all
> this memorized.

Each piece is intentional -- I will improve the comments to explain
each level of masking happening (implicit compiler stack alignment mask,
explicit per-arch mask, and the VLA upper-bound protection mask).

--
Kees Cook

Next message: Matthew Wilcox: "Re: [PATCH] mm: change size_t to unsigned int for cma_alloc"
Previous message: David Sterba: "Re: [PATCH v2] btrfs: fix a potential hole-punching failure"
In reply to: Thomas Gleixner: "Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]