On Thu, Apr 18, 2019 at 09:19:18AM -0500, Kees Cook wrote: > On Thu, Apr 18, 2019 at 12:55 AM Alex Ghiti <alex@xxxxxxxx> wrote: > > Regarding the help text, I agree that it does not seem to be frequent to > > place > > comment above config like that, I'll let Christoph and you decide what's > > best. And I'll > > add the possibility for the arch to define its own STACK_RND_MASK. > > Yeah, I think it's very helpful to spell out the requirements for new > architectures with these kinds of features in the help text (see > SECCOMP_FILTER for example). Spelling out the requirements sounds useful. Abusing the help text for an option for which no help text can be displayed it pointless. Just make it a comment as Alex did in this patch, which makes whole lot more sense. > > Actually, I had to add those ifdefs for mmap_rnd_compat_bits, not > > is_compat_task. > > Oh! In that case, use CONFIG_HAVE_ARCH_MMAP_RND_BITS. :) Actually, > what would be maybe cleaner would be to add mmap_rnd_bits_min/max > consts set to 0 for the non-CONFIG_HAVE_ARCH_MMAP_RND_BITS case at the > top of mm/mmap.c. Lets do that in a second step. The current series is already big enough and a major improvement, even if there is much more to clean up in this area still left.