Re: [PATCH v2] loongarch: Support RANDOMIZE_KSTACK_OFFSET

From: Kees Cook
Date: Sat Jul 20 2024 - 12:42:29 EST


On Sat, Jul 20, 2024 at 10:52:06AM +0800, Jinjie Ruan wrote:
>
>
> On 2024/7/20 0:01, Kees Cook wrote:
> > On Fri, Jul 19, 2024 at 11:14:27AM +0800, Jinjie Ruan wrote:
> >> Add support for kernel stack offset randomization while handling syscalls;
> >> the offset is limited by default by KSTACK_OFFSET_MAX().
> >>
> >> In order to avoid triggering stack canaries (due to __builtin_alloca) and
> >> slowing down the entry path, use __no_stack_protector attribute to
> >> disable stack protector for do_syscall() at function level.
> >>
> >> With this patch, the REPORT_STACK test shows that:
> >> `loongarch64 bits of stack entropy: 7`
> >
> > I suspect this will report the correct "6" now that this commit
> > has landed:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=872bb37f6829d4f7f3ed5afe2786add3d4384b4b
>
> Hi, Kees
>
> I noticed your patch, and I reconfirm that I have updated to the latest
> mainline and that your patch is in the code.
>
> However, the following REPORT_STACK test of your below script has the
> same result (run multiple times).
>
> And riscv64, arm64, x86 also have 7 bits of stack entropy.

Okay, thanks for checking! I may go take a closer look if I have time.
It'd only be a problem if the distribution isn't sufficiently even.

-Kees

--
Kees Cook
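
Added example, not part of the thread or the kernel tree: a count of distinct stack offsets cannot by itself distinguish an even distribution from a skewed one, which is the concern raised in the reply above. This Python sketch compares the bit count implied by distinct values with Shannon and min-entropy; the function names, the constructed samples and the 0.5-bit slack are assumptions.

```python
import math
from collections import Counter


def entropy_report(offsets):
    """Summarise how evenly a list of sampled stack offsets is spread."""
    if not offsets:
        raise ValueError("need at least one sample")
    counts = Counter(offsets)
    total = len(offsets)
    probs = [c / total for c in counts.values()]
    return {
        "unique": len(counts),
        # Bits implied by the distinct-value count alone (assumes uniformity).
        "unique_bits": math.log2(len(counts)),
        # Average unpredictability of the observed distribution.
        "shannon_bits": -sum(p * math.log2(p) for p in probs),
        # Worst case: how predictable the single most common offset is.
        "min_entropy_bits": -math.log2(max(probs)),
    }


def looks_even(report, slack_bits=0.5):
    """Assumed rule of thumb: min-entropy within slack_bits of unique_bits."""
    return report["unique_bits"] - report["min_entropy_bits"] <= slack_bits


# Constructed samples: 1024 draws over 128 distinct 16-byte-aligned offsets.
EVEN = [slot * 16 for slot in range(128) for _ in range(8)]
# Same 128 distinct offsets, but offset 0 is hit 897 times and the rest once.
SKEWED = [0] * 897 + [slot * 16 for slot in range(1, 128)]

if __name__ == "__main__":
    for name, sample in (("even", EVEN), ("skewed", SKEWED)):
        r = entropy_report(sample)
        print(
            f"{name:6s} unique={r['unique']:3d} "
            f"unique_bits={r['unique_bits']:.2f} "
            f"shannon={r['shannon_bits']:.2f} "
            f"min_entropy={r['min_entropy_bits']:.2f} "
            f"even={looks_even(r)}"
        )
```

Both samples yield 7 bits by distinct-value count, but only the even one keeps 7 bits of min-entropy; the skewed one drops below 1 bit.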