On Tue, Jun 18, 2024 at 01:14:58PM +0200, Arnd Bergmann wrote:
> On Tue, Jun 18, 2024, at 12:45, Mark Rutland wrote:
> > On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote:
> >> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
> >> > On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote:
>
> > Sorry, to be clear, I'm happy for this to change, so long as:
> >
> > * The commit message explains why that's safe.
> >
> > IIUC this goes from 511 to 1023 bytes on arm64, which is ~3% of the
> > stack, so maybe that is ok. It'd be nice to see any rationale/analysis
> > beyond "the offset would be bitwise ANDed with 0x3FF".
>
> Absolutely agreed, and the commit message should also clarify that
> the increase has already happened as an unintended side-effect
> of commit 9c573cd31343 ("randomize_kstack: Improve entropy
> diffusion").
FWIW, I think that alone is a reasonable justification.
> > * The comments in architecture code referring to the masking get
> > removed/updated along with the masking.
>
> Right.
>
> FWIW, I also wouldn't mind to having a compile-time option
> that configures the number of random bits on the stack offset,
> but my preference here is to have a reasonable default and
> not need a config option.
I agree; I think we should avoid a config option unless we actually see
a need for it in testing.
Mark.
