Re: [PATCH v2 3/3] randomize_kstack: Unify random source across arches

Kees Cook Tue, 16 Dec 2025 00:28:18 -0800

On Mon, Dec 15, 2025 at 04:35:17PM +0000, Ryan Roberts wrote:
> [...]
> @@ -45,9 +46,22 @@ 
> DECLARE_STATIC_KEY_MAYBE(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT,
>  #define KSTACK_OFFSET_MAX(x) ((x) & 0b1111111100)
>  #endif
>  
> +DECLARE_PER_CPU(struct rnd_state, kstack_rnd_state);
> +
> +static __always_inline u32 get_kstack_offset(void)
> +{
> +     struct rnd_state *state;
> +     u32 rnd;
> +
> +     state = &get_cpu_var(kstack_rnd_state);
> +     rnd = prandom_u32_state(state);
> +     put_cpu_var(kstack_rnd_state);
> +
> +     return rnd;
> +}
> [...]
> -static inline void random_kstack_task_init(struct task_struct *tsk)
> +static int random_kstack_init(void)
>  {
> -     tsk->kstack_offset = 0;
> +     prandom_seed_full_state(&kstack_rnd_state);
> +     return 0;
>  }
> +
> +late_initcall(random_kstack_init);


Doesn't this need to be run for every CPU? (And how does hotplug work
for such things?) And doesn't it need a get_cpu_var?

-- 
Kees Cook

Re: [PATCH v2 3/3] randomize_kstack: Unify random source across arches

Reply via email to