From: "Maciej W. Rozycki" <macro@orcam.me.uk>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] x86: Disable kernel stack offset randomization for !TSC
Date: Mon, 30 Jan 2023 20:43:28 +0000 (GMT) [thread overview]
Message-ID: <alpine.DEB.2.21.2301121100120.65308@angie.orcam.me.uk> (raw)
In-Reply-To: <B71587C5-21E8-4F7C-94FB-92E2AA9F840A@zytor.com>
On Wed, 11 Jan 2023, H. Peter Anvin wrote:
> RDTSC isn't a super fast instruction either,
As someone recently mostly involved with RISC architectures I find it
interesting indeed, given that the TSC is just some kind of an integer
register (or data latch).
E.g. with the MIPS $c0_count register, which is a free-running counter
similar to the TSC, the "MFC0 reg, $c0_count" instruction executes just
about as any ordinary ALU operation, such as say ADD (there is no plain
GPR move instruction in the MIPS ISA to compare this special register move
to). Yes, the latency may be two clocks rather than one, but that's still
pretty damn fast and the extra latency can be dealt with even on scalar
microarchitectures by reordering the data consumer farther away from the
producer.
> but what is *way* more
> significant is that this use of RDTSC is NOT safe: in certain power
> states it may very well be that stone number of lower bits of TSC
> contain no entropy at all.
I wasn't aware of this limitation; certainly at its introduction TSC was
just a free-running counter with no special states.
I went after Jason's suggestion to use `get_random_u8' then, which is
both portable and the single place to make sure proper entropy is
maintained in. Thank you for your input.
Maciej
next prev parent reply other threads:[~2023-01-30 20:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-08 21:26 [PATCH v2] x86: Disable kernel stack offset randomization for !TSC Maciej W. Rozycki
2023-01-09 10:40 ` Ingo Molnar
2023-01-09 22:53 ` Maciej W. Rozycki
2023-01-10 10:47 ` Ingo Molnar
2023-01-10 13:56 ` David Laight
2023-01-10 15:19 ` Jason A. Donenfeld
2023-01-12 1:34 ` Maciej W. Rozycki
2023-01-12 1:53 ` H. Peter Anvin
2023-01-12 11:30 ` Borislav Petkov
2023-01-12 11:58 ` Maciej W. Rozycki
2023-01-30 20:43 ` Maciej W. Rozycki [this message]
2023-01-13 15:33 ` Jason A. Donenfeld
2023-01-30 20:43 ` Maciej W. Rozycki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.2301121100120.65308@angie.orcam.me.uk \
--to=macro@orcam.me.uk \
--cc=Jason@zx2c4.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.