On Tue, Jun 18, 2024, at 12:45, Mark Rutland wrote:
> On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote:
>> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
>> > On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote:
> Sorry, to be clear, I'm happy for this to change, so long as:
>
> * The commit message explains why that's safe.
>
> IIUC this goes from 511 to 1023 bytes on arm64, which is ~3% of the
> stack, so maybe that is ok. It'd be nice to see any rationale/analysis
> beyond "the offset would be bitwise ANDed with 0x3FF".
Absolutely agreed, and the commit message should also clarify that
the increase has already happened as an unintended side-effect
of commit 9c573cd31343 ("randomize_kstack: Improve entropy
diffusion").
> * The comments in architecture code referring to the masking get
> removed/updated along with the masking.
Right.
FWIW, I also wouldn't mind to having a compile-time option
that configures the number of random bits on the stack offset,
but my preference here is to have a reasonable default and
not need a config option.
Arnd
