lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 18 Mar 2019 14:07:57 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Andy Lutomirski <luto@...nel.org>
Cc:     Elena Reshetova <elena.reshetova@...el.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Jann Horn <jannh@...gle.com>,
        "Perla, Enrico" <enrico.perla@...el.com>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Greg KH <gregkh@...uxfoundation.org>
Subject: Re: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon syscall

On Mon, Mar 18, 2019 at 1:16 PM Andy Lutomirski <luto@...nel.org> wrote:
> On Mon, Mar 18, 2019 at 2:41 AM Elena Reshetova
> <elena.reshetova@...el.com> wrote:
> > Performance:
> >
> > 1) lmbench: ./lat_syscall -N 1000000 null
> >     base:                     Simple syscall: 0.1774 microseconds
> >     random_offset (rdtsc):     Simple syscall: 0.1803 microseconds
> >     random_offset (rdrand): Simple syscall: 0.3702 microseconds
> >
> > 2)  Andy's tests, misc-tests: ./timing_test_64 10M sys_enosys
> >     base:                     10000000 loops in 1.62224s = 162.22 nsec / loop
> >     random_offset (rdtsc):     10000000 loops in 1.64660s = 164.66 nsec / loop
> >     random_offset (rdrand): 10000000 loops in 3.51315s = 351.32 nsec / loop
> >
>
> Egads!  RDTSC is nice and fast but probably fairly easy to defeat.
> RDRAND is awful.  I had hoped for better.

RDRAND can also fail.

> So perhaps we need a little percpu buffer that collects 64 bits of
> randomness at a time, shifts out the needed bits, and refills the
> buffer when we run out.

I'd like to avoid saving the _exact_ details of where the next offset
will be, but if nothing else works, this should be okay. We can use 8
bits at a time and call prandom_u32() every 4th call. Something like
prandom_bytes(), but where it doesn't throw away the unused bytes.

-- 
Kees Cook

Powered by blists - more mailing lists