On Mon, Apr 20, 2020 at 09:54:58PM +0100, Will Deacon wrote: > On Tue, Mar 24, 2020 at 01:32:31PM -0700, Kees Cook wrote: > > + /* > > + * Since the compiler chooses a 4 bit alignment for the stack, > > + * let's save one additional bit (9 total), which gets us up > > + * near 5 bits of entropy. > > + */ > > + choose_random_kstack_offset(get_random_int() & 0x1FF); > > Hmm, this comment doesn't make any sense to me. I mean, I get that 0x1ff > is 9 bits, and that is 4+5 but so what? Er, well, yes. I guess I was just trying to explain why there were 9 bits saved here and to document what I was seeing the compiler actually doing with the values. (And it serves as a comparison to the x86 comment which is explaining similar calculations in the face of x86_64 vs ia32.) Would something like this be better? /* * Since the compiler uses 4 bit alignment for the stack (1 more than * x86_64), let's try to match the 5ish-bit entropy seen in x86_64, * instead of having needlessly lower entropy. As a result, keep the * low 9 bits. */ -- Kees Cook
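Review bot: the comment above the choose_random_kstack_offset() call gives the arithmetic (4 bit alignment, 9 bits kept, near 5 bits of entropy) but not the reasoning that connects it. It never says what "one additional bit" is counted against, or why about 5 bits is the target. If the intent is that stack alignment consumes 4 of the 9 masked bits and leaves roughly 5 effective bits, the comment should state that directly and name the baseline it is compared with. The proposed rewording in the reply does name x86_64. The bare 0x1FF mask would also read better as a named constant, or with "low 9 bits" noted on the same line, so the comment and the value cannot drift apart.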