From: Nicolai Stange <nstange@suse.de>
To: Kees Cook <keescook@chromium.org>
Cc: Jeremy Linton <jeremy.linton@arm.com>,
Arnd Bergmann <arnd@arndb.de>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
linux-hardening@vger.kernel.org,
Elena Reshetova <elena.reshetova@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] randomize_kstack: Improve entropy diffusion
Date: Wed, 22 May 2024 10:35:20 +0200
Message-ID: <87seya452v.fsf@>
In-Reply-To: <20240309202445.work.165-kees@kernel.org> (Kees Cook's message of "Sat, 9 Mar 2024 12:24:48 -0800")

Kees Cook <keescook@chromium.org> writes:
>
> diff --git a/include/linux/randomize_kstack.h b/include/linux/randomize_kstack.h
> index 5d868505a94e..6d92b68efbf6 100644
> --- a/include/linux/randomize_kstack.h
> +++ b/include/linux/randomize_kstack.h
> @@ -80,7 +80,7 @@ DECLARE_PER_CPU(u32, kstack_offset);
> if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
> &randomize_kstack_offset)) { \
> u32 offset = raw_cpu_read(kstack_offset); \
> - offset ^= (rand); \
> + offset = ror32(offset, 5) ^ (rand); \

Hi Kees,

I'm wondering whether this renders the per-arch mask applied to 'rand'
at the respective choose_random_kstack_offset() invocations ineffective?

Like e.g. on x86 there is

  choose_random_kstack_offset(rdtsc() & 0xFF);

I would argue that while before the patch kstack_offset had been
guaranteed to stay within the bounds of 0xFF, it's now effectively
unlimited (well, <= (u32)-1) and only capped to 0x3ff when subsequently
applying the KSTACK_OFFSET_MAX().

Or am I simply missing something?

Thanks!

Nicolai

> raw_cpu_write(kstack_offset, offset); \
> } \
> } while (0)
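
Review bot: on the `offset = ror32(offset, 5) ^ (rand);` line, the rotate moves the low five bits of the previous offset into bits 27-31, so the value written back by raw_cpu_write() is no longer confined to whatever mask the caller applied to `rand`. If the wider range is intended, a comment on this line should say that a caller's mask now bounds only the new input and that the limit on the stack offset has to be enforced where kstack_offset is consumed; if it is not intended, mask the result before the write. The rotate count of 5 also deserves a one-line comment explaining why it was chosen.
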
--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
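
Added example, not part of the original message or of the kernel source: a user-space C model of the two update rules from the quoted hunk, showing which bit positions the stored offset can reach when the input is masked with 0xFF as in the x86 call quoted above. The xorshift generator standing in for rdtsc(), its seed, and the function name bits_reached() are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate right, same semantics as the kernel's ror32(). */
static uint32_t ror32(uint32_t word, unsigned int shift)
{
	return (word >> (shift & 31)) | (word << ((-shift) & 31));
}

/* Constructed stand-in for rdtsc(): xorshift32, deterministic (assumption). */
static uint32_t fake_tsc(uint32_t *state)
{
	*state ^= *state << 13;
	*state ^= *state >> 17;
	*state ^= *state << 5;
	return *state;
}

/*
 * Model `rounds` updates of the stored offset and return the OR of every
 * value it took, i.e. the bit positions that were ever set.
 * rotate == 0: offset ^= rand                    (before the patch)
 * rotate != 0: offset = ror32(offset, 5) ^ rand  (after the patch)
 */
uint32_t bits_reached(int rotate, uint32_t mask, int rounds)
{
	uint32_t offset = 0, seen = 0, state = 1; /* seed is constructed */

	for (int i = 0; i < rounds; i++) {
		uint32_t rand = fake_tsc(&state) & mask; /* caller-side mask */

		offset = rotate ? (ror32(offset, 5) ^ rand) : (offset ^ rand);
		seen |= offset;
	}
	return seen;
}

int main(void)
{
	uint32_t before = bits_reached(0, 0xFF, 1000);
	uint32_t after = bits_reached(1, 0xFF, 1000);

	printf("xor only:     bits reached 0x%08x\n", (unsigned)before);
	printf("ror32 + xor:  bits reached 0x%08x\n", (unsigned)after);
	printf("ror32 + xor, & 0x3ff: 0x%03x\n", (unsigned)(after & 0x3FF));
	return 0;
}
```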