On Sat, Jul 20, 2024 at 10:52:06AM +0800, Jinjie Ruan wrote: > > > On 2024/7/20 0:01, Kees Cook wrote: > > On Fri, Jul 19, 2024 at 11:14:27AM +0800, Jinjie Ruan wrote: > >> Add support of kernel stack offset randomization while handling syscall, > >> the offset is defaultly limited by KSTACK_OFFSET_MAX(). > >> > >> In order to avoid trigger stack canaries (due to __builtin_alloca) and > >> slowing down the entry path, use __no_stack_protector attribute to > >> disable stack protector for do_syscall() at function level. > >> > >> With this patch, the REPORT_STACK test show that: > >> `loongarch64 bits of stack entropy: 7` > > > > I suspect this will report the correct "6" after now that this commit > > has landed: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=872bb37f6829d4f7f3ed5afe2786add3d4384b4b > > Hi, Kees > > I noticed your patch, and I reconfirm that I have updated to the latest > mainline and that your patch is in the code. > > However,the following REPORT_STACK test of your below script has the > same result (run multiple times). > > And riscv64, arm64, x86 also has the 7 bit of stack entropy.
Okay, thanks for checking! I may go take a closer look if I have time. It'd only be a problem if the distribution isn't sufficiently even. -Kees -- Kees Cook
