From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from canpmsgout10.his.huawei.com (canpmsgout10.his.huawei.com [113.46.200.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C1C431F98D; Thu, 9 Jul 2026 02:34:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=113.46.200.225 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783564475; cv=none; b=WB2Kkkhzgm7hq0yTvKDzEmRPdBLa4FlMK438XkPmFjRrnpThOc9kuCJXOaBhHbWL+mdpnOK/FKyZEjLREbacltFjYzn6qb6GmdAgs//BcM8YoReroMb9vntrTWHTyr3BmWnTGbygQZnKhxY81FTBJNZ0gKYXZgJ1USDOPqTqsOc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783564475; c=relaxed/simple; bh=2rADA5LOo87QUCvdBe9Wce5Sy5RqDhX9Q2kGxEFIV3g=; h=Message-ID:Date:MIME-Version:Subject:To:CC:References:From: In-Reply-To:Content-Type; b=fq8w3qLbrgrR6E3FQOQmzgAVYI4yW9UoNIVcwB/pTxsmPDydAOG8e+2YApdIqWvYcOG4QbrPvVCCqt3u/W7FVohI8Zmq7P3HrIHkw4kCetrNx4f109OHvMrC8Ke979M0YT7Ec/3pJAPjimE6Eyu7Btpf98b+mbeKf0PVMO9G35E= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com; spf=pass smtp.mailfrom=huawei.com; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b=wLN4PuTD; arc=none smtp.client-ip=113.46.200.225 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=huawei.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huawei.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=huawei.com header.i=@huawei.com header.b="wLN4PuTD" dkim-signature: v=1; a=rsa-sha256; d=huawei.com; s=dkim; c=relaxed/relaxed; q=dns/txt; h=From; bh=Y5gPTQlvZ5+PltKfyd7jsM9jOpB/L3Mods25ly3hUmU=; b=wLN4PuTDh2Bs3oUFfNRxSZSE7gCwmqjYG039d/qXSq1UpIOaCLhb2iezcdm336V58TY0kTXy4 szfWi9o5up7AY22Girs57z0q9Oi7TCvcfhRpAuei9Dgq6Q3rv8QoRLbJRWC1d+UazJf8zIhojgL pcWHZ91jG23KLVROOKeLeOw= Received: from mail.maildlp.com (unknown [172.19.163.15]) by canpmsgout10.his.huawei.com (SkyGuard) with ESMTPS id 4gwf2174NCz1K96m; Thu, 9 Jul 2026 10:25:13 +0800 (CST) Received: from dggpemf500011.china.huawei.com (unknown [7.185.36.131]) by mail.maildlp.com (Postfix) with ESMTPS id 387FB40586; Thu, 9 Jul 2026 10:34:27 +0800 (CST) Received: from [10.67.109.254] (10.67.109.254) by dggpemf500011.china.huawei.com (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Thu, 9 Jul 2026 10:34:24 +0800 Message-ID: <3fdebd1c-f7ea-4b49-808d-8dec99e68623@huawei.com> Date: Thu, 9 Jul 2026 10:34:22 +0800 Precedence: bulk X-Mailing-List: linux-doc@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [patch 03/18] entry: Provide [syscall_]enter_from_user_mode_randomize_stack() To: Thomas Gleixner , LKML CC: Peter Zijlstra , Michael Ellerman , Shrikanth Hegde , , Kees Cook , Huacai Chen , , Paul Walmsley , Palmer Dabbelt , , Sven Schnelle , , , Mark Rutland , Andy Lutomirski , Oleg Nesterov , Richard Henderson , Russell King , Catalin Marinas , Guo Ren , Geert Uytterhoeven , Thomas Bogendoerfer , Helge Deller , Yoshinori Sato , Richard Weinberger , Chris Zankel , , , , , , , , , Arnd Bergmann , Vineet Gupta , Will Deacon , Brian Cain , Michal Simek , Dinh Nguyen , "David S. Miller" , Andreas Larsson , , , , , , =?UTF-8?Q?Michal_Such=C3=A1nek?= , Jonathan Corbet , References: <20260707181957.433213175@kernel.org> <20260707190253.816918647@kernel.org> From: Jinjie Ruan In-Reply-To: <20260707190253.816918647@kernel.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-ClientProxiedBy: kwepems500002.china.huawei.com (7.221.188.17) To dggpemf500011.china.huawei.com (7.185.36.131) On 7/8/2026 3:06 AM, Thomas Gleixner wrote: > Randomizing the syscall stack can only happen after state is established > via enter_from_user_mode() or syscall_enter_from_user_mode(). The earlier > it happens the better. > > Provide two new macros to consolidate that: > > - enter_from_user_mode_randomize_stack() > enter_from_user_mode(); > add_random_kstack_offset_irqsoff(); > > - syscall_enter_from_user_mode_randomize_stack() > enter_from_user_mode_randomize_stack(); > syscall_enter_from_user_mode_work(); > > to reduce boiler plate code. > > Those are macros and not inline functions as the latter would limit the > stack randomization scope to the inline function itself. > > Signed-off-by: Thomas Gleixner > --- > include/linux/entry-common.h | 56 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 56 insertions(+) > > --- a/include/linux/entry-common.h > +++ b/include/linux/entry-common.h > @@ -6,6 +6,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -150,6 +151,61 @@ static __always_inline long syscall_ente > } > > /** > + * enter_from_user_mode_randomize_stack - Establish state and add stack randomization > + * before invoking syscall_enter_from_user_mode_work() > + * @regs: Pointer to currents pt_regs > + * > + * Invoked from architecture specific syscall entry code with interrupts > + * disabled. The calling code has to be non-instrumentable. When the function > + * returns all state is correct, interrupts are still disabled and the > + * subsequent functions can be instrumented. > + * > + * Implemented as a macro so that the stack randomization is effective > + * throughout the function in which it is invoked. An inline would only make it > + * effective in the scope of the inline function. > + */ > +#define enter_from_user_mode_randomize_stack(regs) \ > +do { \ > + enter_from_user_mode(regs); \ > + instrumentation_begin(); \ > + add_random_kstack_offset_irqsoff(); \ > + instrumentation_end(); \ > +} while (0) > + > +/** > + * syscall_enter_from_user_mode_randomize_stack - Establish state and check and handle work > + * before invoking a syscall > + * @regs: Pointer to currents pt_regs > + * @syscall: The syscall number > + * > + * Invoked from architecture specific syscall entry code with interrupts > + * disabled. The calling code has to be non-instrumentable. When the > + * function returns all state is correct, interrupts are enabled and the > + * subsequent functions can be instrumented. > + * > + * This is the combination of enter_from_user_mode_randomize_stack() and > + * syscall_enter_from_user_mode_work() to be used when there is no > + * architecture specific work to be done between the two. > + * > + * Returns: The original or a modified syscall number. See > + * syscall_enter_from_user_mode_work() for further explanation. > + * > + * Implemented as a macro to make stack randomization effective in the calling > + * scope. > + */ > +#define syscall_enter_from_user_mode_randomize_stack(regs, syscall) \ > +({ \ > + enter_from_user_mode_randomize_stack(regs); \ > + \ > + instrumentation_begin(); \ > + local_irq_enable(); \ > + long _ret = syscall_enter_from_user_mode_work(regs, syscall); \ > + instrumentation_end(); \ > + \ > + _ret; \ > +}) Reviewed-by: Jinjie Ruan > + > +/** > * syscall_enter_from_user_mode - Establish state and check and handle work > * before invoking a syscall > * @regs: Pointer to currents pt_regs >