On Tue, 16 Dec 2025 at 09:27, Kees Cook <[email protected]> wrote: > > On Mon, Dec 15, 2025 at 04:35:17PM +0000, Ryan Roberts wrote: > > [...] > > @@ -45,9 +46,22 @@ > > DECLARE_STATIC_KEY_MAYBE(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, > > #define KSTACK_OFFSET_MAX(x) ((x) & 0b1111111100) > > #endif > > > > +DECLARE_PER_CPU(struct rnd_state, kstack_rnd_state); > > + > > +static __always_inline u32 get_kstack_offset(void) > > +{ > > + struct rnd_state *state; > > + u32 rnd; > > + > > + state = &get_cpu_var(kstack_rnd_state); > > + rnd = prandom_u32_state(state); > > + put_cpu_var(kstack_rnd_state); > > + > > + return rnd; > > +} > > [...] > > -static inline void random_kstack_task_init(struct task_struct *tsk) > > +static int random_kstack_init(void) > > { > > - tsk->kstack_offset = 0; > > + prandom_seed_full_state(&kstack_rnd_state); > > + return 0; > > } > > + > > +late_initcall(random_kstack_init); > > Doesn't this need to be run for every CPU? (And how does hotplug work > for such things?) And doesn't it need a get_cpu_var? >
prandom_seed_full_state() takes a 'struct rnd_state __percpu *pcpu_state', and performs the initialization for all possible CPUs.
