| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jLS+71p20qB-8x_A1SJuqQN+q17-B50FqFtHc4T2YVHGA@mail.gmail.com>
Date: Mon, 29 Apr 2013 12:15:53 -0700
From: Kees Cook <keescook@...omium.org>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"x86@...nel.org" <x86@...nel.org>,
Jarkko Sakkinen <jarkko.sakkinen@...el.com>,
Matthew Garrett <mjg@...hat.com>,
Matt Fleming <matt.fleming@...el.com>,
Eric Northup <digitaleric@...gle.com>,
Dan Rosenberg <drosenberg@...curity.com>,
Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>
Subject: Re: [PATCH 4/6] x86: kaslr: select random base offset
On Fri, Apr 26, 2013 at 2:50 PM, H. Peter Anvin <hpa@...or.com> wrote:
> On 04/26/2013 12:03 PM, Kees Cook wrote:
>> +
>> +static unsigned long get_random_long(void)
>> +{
>> + if (has_cpuflag(X86_FEATURE_RDRAND)) {
>> + unsigned long random;
>> +
>> + debug_putstr("KASLR using RDRAND...\n");
>> + if (rdrand(&random))
>> + return random;
>> + }
>> +
>> + if (has_cpuflag(X86_FEATURE_TSC)) {
>> + uint32_t raw;
>> + unsigned long timer;
>> +
>> + debug_putstr("KASLR using RDTSC...\n");
>> + rdtscl(raw);
>> +
>> + /* Repeat the low bits of rdtsc. */
>> + timer = raw & 0xffff;
>> + timer |= (timer << 16);
>> +#ifdef CONFIG_X86_64
>> + timer |= (timer << 32) | (timer << 48);
>> +#endif
>> +
>
> This seems like a very odd thing to do. If you want to scramble bits,
> it would make more sense to do a multiply -- or much better, a
> *circular* multiply -- with a large constant.
Well, my thought here was that the entropy is only being used in a
very narrow band (since it's truncated by alignment on the low end and
physical memory on the high end), so I didn't want to "dilute" the
already bad entropy any more. Instead, I just repeated it. If a
circular multiply would serve the same purpose, I can do that. Do you
have any examples of that?
>
>> + return timer;
>> + }
>> +
>> + debug_putstr("KASLR found no entropy source...\n");
>> + return 0;
>> +}
>>
>
> It might be safe to assume that anything old enough to lack RDTSC
> (basically a 486) will have an 8254, and reading back the 8254 counter
> register.
Ah, good idea. I've added this now, which seems to work if I force the
TSC check to fail:
#define I8254_PORT_CONTROL 0x43
#define I8254_PORT_COUNTER0 0x40
#define I8254_CMD_READBACK 0xC0
#define I8254_SELECT_COUNTER0 0x02
#define I8254_STATUS_NOTREADY 0x40
static inline u16 i8254(void)
{
u16 status, timer;
do {
outb(I8254_PORT_CONTROL,
I8254_CMD_READBACK | I8254_SELECT_COUNTER0);
status = inb(I8254_PORT_COUNTER0);
timer = inb(I8254_PORT_COUNTER0);
timer |= inb(I8254_PORT_COUNTER0) << 8;
} while (status & I8254_STATUS_NOTREADY);
return timer;
}
Thanks,
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists