[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1306110336.25049.7.camel@dan>
Date: Sun, 22 May 2011 20:25:36 -0400
From: Dan Rosenberg <drosenberg@...curity.com>
To: Tony Luck <tony.luck@...il.com>
Cc: Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org,
davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net,
eranian@...gle.com, torvalds@...ux-foundation.org,
adobriyan@...il.com, penberg@...nel.org, hpa@...or.com
Subject: Re: [BUG] perf: bogus correlation of kernel symbols
On Sun, 2011-05-22 at 16:49 -0700, Tony Luck wrote:
>
>
> On Sun, May 22, 2011 at 11:45 AM, Dan Rosenberg
> <drosenberg@...curity.com> wrote:
> 1. Is it ok to assume the existence of rdtsc? If not, what
> are other
> ways of gathering entropy early in the boot process? If this
> is the
> approach that's going to be taken, system uptime potentially
> becomes
> useful for attackers. Any thoughts on how to address this?
>
> There is a cpuid bit to tell you whether the processor supports rdtsc.
>
This might be worth checking, but it also might just be easier to
clearly document in the Kconfig that the feature requires rdtsc. I'll
play with it a bit.
> In the cold boot case, I'd worry about whether rdtsc was all that
> random,
> it counts from zero when the processors come out of cold reset, and
> things should be quite deterministic up to when the kernel loads;
> especially if you have a solid state boot drive rather than the old
> spinning kind.
>
The question really becomes whether it's "good enough". It's certainly
not cryptographic randomness, but it will produce different results on
different boots depending on a variety of factors, including
out-of-order instruction execution, multi-CPU systems, and differences
in CPU models. Even though a single machine may be slightly more likely
to produce certain offsets more often, it seems to me that it would
still accomplish the goal, because it's highly unlikely that an attacker
would be able to perform the statistical analysis necessary to figure
that out.
> Sometime soon you'll have "rdrand" available (check a different cpuid
> bit).
>
This of course is highly preferable, but I'd rather implement a solution
that's widely supported in hardware today. Perhaps further down the
road it could be switched.
> -Tony
>
>
Thanks for the feedback.
-Dan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists