From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EE4B5C27C4F for ; Tue, 18 Jun 2024 11:16:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Subject:Cc:To: From:Date:References:In-Reply-To:Message-Id:MIME-Version:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ALp4QxWC9zgKoPTEnvdpcdX1IlHBjC/eM21B181t8Qs=; b=B2hUe6PuGRFYvcKG/4n70r6WRh 2eFXKKvbCQBQh0u2S5MGt59u/yTA1ibAYIi/wZ/USYZYNIaQfb86edBCXRvxF1Gq3taGE60iN2nl3 Qt8TMUa6Vq+QjX/t0oAOrDKLIC4YZunYhv6mz+eSqBHImsguAlPgzZkp7Nco/40JzEgpvw6paOt9W UXlZIxun6aNiHspe/4icLb1zYuOP0crljiYpo5WMjs3ok6mUHJm7Ivr5Jw0fqJsvhYVi1sWubz7hB ooldSb9Tz1+jeKzn74jq0oGoAUVaU+Vuyb6mbVIbQxqoL383BxmHYPRI1wKWyW88/YTvWk3L+SJf3 MLC5iBFQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJWoV-0000000EZbT-2j4K; Tue, 18 Jun 2024 11:15:47 +0000 Received: from wfhigh6-smtp.messagingengine.com ([64.147.123.157]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sJWoQ-0000000EZYU-0Yfk for linux-arm-kernel@lists.infradead.org; Tue, 18 Jun 2024 11:15:45 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.west.internal (Postfix) with ESMTP id 4449E18000DA; Tue, 18 Jun 2024 07:15:36 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Tue, 18 Jun 2024 07:15:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1718709335; x=1718795735; bh=ALp4QxWC9z gKoPTEnvdpcdX1IlHBjC/eM21B181t8Qs=; b=tYqlNT8GAC/WBA3lxV5xMGLFUF nriSWTGMpCIvmCW2quS6yOJsmEG99h5lD6miqXzBpVSs1tvxyGB2SFeoyChM2or+ QEZ85imi6sTtpQ4nJZELEpNvLjGSH2zpO0xaTSabgP29IbJxmFNaAZ3brdCFTTx9 yhPYyocFG+FZFuy0Inxn2D9L+1hHfyJNm6mIU820DivdXGeCcp8HZeo4nwxDQWvh MxVxZlwgU6L6MWl7vrNhEWGZ9QzVCERobCX4Q5vjOqN5nmjwTYXNkdGWYDWOpQMG sSLuIqs30B34hhVNCJZhmOgP+VLan/iaAZuKRKmD3bsyR9Tq1c8tkT6B2CSA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1718709335; x=1718795735; bh=ALp4QxWC9zgKoPTEnvdpcdX1IlHB jC/eM21B181t8Qs=; b=P0pGtVLl3EUqZ5r9okCduwGpVptn3qNKep//qgjPBOqg DAG8XsqhGZp8DahniuR+g0c/ZuRk3l8yHWVLSUhiGRSyf83CbK+t0SFCruLi3C6u U2CsT5SHPSm58BEmw+mTAbGGxTa2eGTFy438A8mJPmv0iqCD6Rc5OJAGjoBtwVjt d7HI6QH1mw2edwa/Wg9XIVonepy69OmGQkRB5sDhSkjZHBc+3gJyP417eDSbIJKf P7s0U7AO5i9xFt/hfRdo0M0KK9tGbY/Rj2jxejONoFZwasblEgHxWDkKcGmqShMY WAV/PMQnq128JAaMjHHekEQsWif/EjO83qPzGVv8FQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrfedvkedgtdelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedftehr nhguuceuvghrghhmrghnnhdfuceorghrnhgusegrrhhnuggsrdguvgeqnecuggftrfgrth htvghrnhepffehueegteeihfegtefhjefgtdeugfegjeelheejueethfefgeeghfektdek teffnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprg hrnhgusegrrhhnuggsrdguvg X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 2CF1DB60092; Tue, 18 Jun 2024 07:15:35 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-522-ga39cca1d5-fm-20240610.002-ga39cca1d MIME-Version: 1.0 Message-Id: In-Reply-To: References: <20240617133721.377540-1-liuyuntao12@huawei.com> <202406171122.B5FDA6A@keescook> Date: Tue, 18 Jun 2024 13:14:58 +0200 From: "Arnd Bergmann" To: "Mark Rutland" Cc: "Kees Cook" , "Yuntao Liu" , x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-hardening@vger.kernel.org, "Catalin Marinas" , "Will Deacon" , "Heiko Carstens" , gor@linux.ibm.com, "Alexander Gordeev" , "Christian Borntraeger" , "Sven Schnelle" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , "H. Peter Anvin" , "Gustavo A. R. Silva" , "Leonardo Bras" , "Mark Brown" , imbrenda@linux.ibm.com, pawan.kumar.gupta@linux.intel.com Subject: Re: [PATCH] remove AND operation in choose_random_kstack_offset() Content-Type: text/plain X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240618_041542_858992_4D372016 X-CRM114-Status: GOOD ( 13.81 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Jun 18, 2024, at 12:45, Mark Rutland wrote: > On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote: >> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote: >> > On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote: > Sorry, to be clear, I'm happy for this to change, so long as: > > * The commit message explains why that's safe. > > IIUC this goes from 511 to 1023 bytes on arm64, which is ~3% of the > stack, so maybe that is ok. It'd be nice to see any rationale/analysis > beyond "the offset would be bitwise ANDed with 0x3FF". Absolutely agreed, and the commit message should also clarify that the increase has already happened as an unintended side-effect of commit 9c573cd31343 ("randomize_kstack: Improve entropy diffusion"). > * The comments in architecture code referring to the masking get > removed/updated along with the masking. Right. FWIW, I also wouldn't mind to having a compile-time option that configures the number of random bits on the stack offset, but my preference here is to have a reasonable default and not need a config option. Arnd