Commit 9c573cd3 authored Mar 09, 2024 by Kees Cook

randomize_kstack: Improve entropy diffusion

The kstack_offset variable was really only ever using the low bits for
kernel stack offset entropy. Add a ror32() to increase bit diffusion.

Suggested-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 39218ff4 ("stack: Optionally randomize kernel stack offset each syscall")
Link: https://lore.kernel.org/r/20240309202445.work.165-kees@kernel.org

Signed-off-by: Kees Cook <keescook@chromium.org>

parent bbda3ba6

include/linux/randomize_kstack.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -80,7 +80,7 @@ DECLARE_PER_CPU(u32, kstack_offset);
		if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
		&randomize_kstack_offset)) { \
		u32 offset = raw_cpu_read(kstack_offset); \
		offset ^= (rand); \
		offset = ror32(offset, 5) ^ (rand); \
		raw_cpu_write(kstack_offset, offset); \
		} \
		} while (0)