On Thu, May 9, 2019 at 1:00 AM Hsin-Yi Wang hsinyi@chromium.org wrote:
This early added entropy is also going to be used for stack canary. At the time it's created there's not be much entropy (before boot_init_stack_canary(), there's only add_latent_entropy() and command_line). On arm64, there is a single canary for all tasks. If RNG is weak or the seed can be read, it might be easier to figure out the canary.
With newer compilers[1] there will be a per-task canary on arm64[2], which will improve this situation, but many architectures lack a per-task canary, unfortunately. I've also recently rearranged the RNG initialization[3] which should also help with better entropy mixing. But each of these are kind of band-aids against not having sufficient initial entropy, which leaves the canary potentially exposed.
-Kees
[1] https://gcc.gnu.org/git/?p=gcc.git%3Ba=commitdiff%3Bh=359c1bf35e3109d2f38829... [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... [3] https://git.kernel.org/pub/scm/linux/kernel/git/tytso/random.git/commit/?h=d...