linux-next/arch
Kees Cook ef40d28f17 randomize_kstack: Remove non-functional per-arch entropy filtering
An unintended consequence of commit 9c573cd313 ("randomize_kstack:
Improve entropy diffusion") was that the per-architecture entropy size
filtering reduced how many bits were being added to the mix, rather than
how many bits were being used during the offsetting. All architectures
fell back to the existing default of 0x3FF (10 bits), which will consume
at most 1KiB of stack space. It seems that this is working just fine,
so let's avoid the confusion and update everything to use the default.

The prior intent of the per-architecture limits were:

  arm64: capped at 0x1FF (9 bits), 5 bits effective
  powerpc: uncapped (10 bits), 6 or 7 bits effective
  riscv: uncapped (10 bits), 6 bits effective
  x86: capped at 0xFF (8 bits), 5 (x86_64) or 6 (ia32) bits effective
  s390: capped at 0xFF (8 bits), undocumented effective entropy

Current discussion has led to just dropping the original per-architecture
filters. The additional entropy appears to be safe for arm64, x86,
and s390. Quoting Arnd, "There is no point pretending that 15.75KB is
somehow safe to use while 15.00KB is not."

Co-developed-by: Yuntao Liu <liuyuntao12@huawei.com>
Signed-off-by: Yuntao Liu <liuyuntao12@huawei.com>
Fixes: 9c573cd313 ("randomize_kstack: Improve entropy diffusion")
Link: https://lore.kernel.org/r/20240617133721.377540-1-liuyuntao12@huawei.com
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com> # s390
Link: https://lore.kernel.org/r/20240619214711.work.953-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
2024-06-20 11:34:46 -07:00
..
alpha mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
arc bpf-for-netdev 2024-05-27 16:26:30 -07:00
arm mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
arm64 randomize_kstack: Remove non-functional per-arch entropy filtering 2024-06-20 11:34:46 -07:00
csky The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
hexagon hexagon: vmlinux.lds.S: handle attributes section 2024-03-26 11:07:23 -07:00
loongarch - A series ("kbuild: enable more warnings by default") from Arnd 2024-05-22 18:59:29 -07:00
m68k mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
microblaze mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
mips mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
nios2 Kbuild updates for v6.10 2024-05-18 12:39:20 -07:00
openrisc openrisc: Move FPU state out of pt_regs 2024-04-15 15:20:39 +01:00
parisc mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
powerpc powerpc: Limit ARCH_HAS_KERNEL_FPU_SUPPORT to PPC64 2024-05-30 22:57:27 +10:00
riscv riscv: Fix fully ordered LR/SC xchg[8|16]() implementations 2024-05-30 09:43:14 -07:00
s390 randomize_kstack: Remove non-functional per-arch entropy filtering 2024-06-20 11:34:46 -07:00
sh mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
sparc Jeff Xu's implementation of the mseal() syscall. 2024-05-24 12:47:28 -07:00
um This pull request contains the following changes for UML: 2024-05-25 13:17:48 -07:00
x86 randomize_kstack: Remove non-functional per-arch entropy filtering 2024-06-20 11:34:46 -07:00
xtensa mseal: wire up mseal syscall 2024-05-23 19:40:26 -07:00
.gitignore
Kconfig arch: add ARCH_HAS_KERNEL_FPU_SUPPORT 2024-05-19 14:36:17 -07:00