From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7AFD4C2BA15 for ; Tue, 18 Jun 2024 06:47:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Subject:Cc:To: From:Date:References:In-Reply-To:Message-Id:MIME-Version:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=lxINc0kCB3nKZUg8Pjgeb8a0G1bTVhsiHfqgN5vLdOo=; b=nZUCJ2WSezin6IaqtWjR0xdhWV CNtNQTsujy3ECcMpJaDusHjlT3MiXYZ6O6ocYRbXBjIHWC4QOH7qYzVqE/RrKwMcouUdUO0Awf+lA T2XthRqZXSYlCn31OXTZJl7iTc/sSFhgfV4Fvhd5/GTbKM7GBXA6tqdfKRq13K8iuA1/V8aBJaUSY V6HsKEYPaf1Aw6d3wzH2TZr0kg/OTTJx4k3jesgkor0DWef1lwlzsEQTQpB7v1V24j31LIcaT0FoO zWupR5sLCbLExufYvIznPfD3ZWIolDIs2latsme+2/+iZinW0K0ZuMMLde0sDouPm64ujP2ZEr+df pyYpMbEw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJScB-0000000DrCm-2u99; Tue, 18 Jun 2024 06:46:47 +0000 Received: from wfout2-smtp.messagingengine.com ([64.147.123.145]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJSc9-0000000DrBR-1tGi for linux-arm-kernel@lists.infradead.org; Tue, 18 Jun 2024 06:46:46 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfout.west.internal (Postfix) with ESMTP id DEEC41C0009A; Tue, 18 Jun 2024 02:46:39 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Tue, 18 Jun 2024 02:46:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1718693199; x=1718779599; bh=lxINc0kCB3 nKZUg8Pjgeb8a0G1bTVhsiHfqgN5vLdOo=; b=K3HCS00evMayfUwfFBnHSUAwsU TG/znK14ZMvP5DL4hsl0iQyD4QETJhSufI4c2rzvJLpqtB53BaTYETkEnLNT2tKp l0Z5j7DajyKcZ3K+CLyifHOoNpCF9vF2PZUGauLt3yVmgVIOjZyG14RARnDf2846 GeCzl+52I+xfZEh/0X7KvAFy+M0bBsFKpDNBO2YfAFUEYYVmqNj9VJt+xVeu0WMG XjVZthJ9FxHv5+9ae/7rREnXWyNdYUjvgtYIF0ZVA3mnCmYtwxRjGjWOupTuoJnd 26kQnLo0HCxp3KMdv7OtSGoqZuOzrUiI3Bbr/QrYLV6a0EXwbQFLZSCu7mqw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1718693199; x=1718779599; bh=lxINc0kCB3nKZUg8Pjgeb8a0G1bT VhsiHfqgN5vLdOo=; b=uUUVeTmRuXVF7AHPEr5LPKz+ARzDCYCBQU2tMpyj/YZ8 BJD23ffueXoiF60lNkXjs5gPOhuz3V3ebWOUzK9H93d0nET+kFixODe+BVoVvmPU NvTm0TfPKpF+DE30Vgrg9Otr5kJM5n62A23QrQAVOrChwzfk2eX8M9Z56nXbNYCD JgPYNwtVQezh0N5gzmW+2xw3KOloTe4GR/6VQppgLx9EywObZFP8HOYf9zZfi4Mz WaVfir8Xfr+jTK1xskURUKl895M3NqbmNlfgH/2y3zs4Tbs7gNx6U8OpA7TMscsC QphwyElmc36kG6IEfuTG8VBek9eMsPHGDmlmsCHOjQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrfedviedguddufecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvvefutgesthdtredtreertdenucfhrhhomhepfdet rhhnugcuuegvrhhgmhgrnhhnfdcuoegrrhhnugesrghrnhgusgdruggvqeenucggtffrrg htthgvrhhnpeffheeugeetiefhgeethfejgfdtuefggeejleehjeeutefhfeeggefhkedt keetffenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe grrhhnugesrghrnhgusgdruggv X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 7DE7EB60093; Tue, 18 Jun 2024 02:46:38 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-522-ga39cca1d5-fm-20240610.002-ga39cca1d MIME-Version: 1.0 Message-Id: In-Reply-To: <202406171618.A92D064@keescook> References: <20240617133721.377540-1-liuyuntao12@huawei.com> <202406171122.B5FDA6A@keescook> <202406171618.A92D064@keescook> Date: Tue, 18 Jun 2024 08:46:18 +0200 From: "Arnd Bergmann" To: "Kees Cook" Cc: "Mark Rutland" , "Yuntao Liu" , x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-hardening@vger.kernel.org, "Catalin Marinas" , "Will Deacon" , "Heiko Carstens" , gor@linux.ibm.com, "Alexander Gordeev" , "Christian Borntraeger" , "Sven Schnelle" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , "H. Peter Anvin" , "Gustavo A. R. Silva" , "Leonardo Bras" , "Mark Brown" , imbrenda@linux.ibm.com, pawan.kumar.gupta@linux.intel.com Subject: Re: [PATCH] remove AND operation in choose_random_kstack_offset() Content-Type: text/plain X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240617_234645_655757_94BC672B X-CRM114-Status: GOOD ( 14.80 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Jun 18, 2024, at 01:31, Kees Cook wrote: > On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote: >> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote: > > I'm all for more entropy, but arch maintainers had wanted specific > control over this value, and given the years of bikeshedding over the > feature, I'm not inclined dive back into that debate, but okay. > > FWIW, the here's the actual entropy (due to stack alignment enforced by > the compiler for the given arch ABI). > > standard cap is 0x3FF (10 bits). > > arm64: capped at 0x1FF (9 bits), 5 bits effective > powerpc: uncapped (10 bits), 6 or 7 bits effective > riscv: uncapped (10 bits), 6 bits effective > x86: capped at 0xFF (8 bits), 5 (x86_64) or 6 (ia32) bits effective > s390: capped at 0xFF (8 bits), undocumented effective entropy Thanks for the summary. Right now of course we need to fix the bug from 9c573cd31343 ("randomize_kstack: Improve entropy diffusion") that has led to using full 10 bits after diffusion but put fewer bits in than possible on some architectures. Unless you want to revert that patch, we should ensure that any truncation is only done in KSTACK_OFFSET_MAX() rather than passed into choose_random_kstack_offset(). Arnd