Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1779201yba;
        Sat, 27 Apr 2019 07:00:46 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzZaaYkpx32iKOXdSLJB3/bSWgbpInkPutaCA8VKK80tiFZmtaOZlZ+vSuyjYUspEm3sISb
X-Received: by 2002:a17:902:7084:: with SMTP id z4mr53478800plk.305.1556373646691;
        Sat, 27 Apr 2019 07:00:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556373646; cv=none;
        d=google.com; s=arc-20160816;
        b=dx4yaXVsObl/S9kWmYaLPuZUzIIGFKI9xaJKdv3BhnLIx4fzrVxqycJwk8MJLBuEub
         UbjoStsXgsnAHu+QymPqd+PXmNNDC1XkLNxI8MUNcpmzmssiznPdZRtBusLH4N8MWREF
         qTsbHnFceoqs/eyKkYiPw5KRCLx5NaCwdmilcnR/OJm56TVR+RWLKYH28ASU64zasr/B
         YlEMD5p8EWcr0BxwRBJZgUfGHrib3ioXW8eRc4paKU6WQDdxgKgy4L8hT2YrPe/f1FCX
         CtEFUzFCBwEhgjA6a2Qi064xT1Xajy/HI82upIW7ASKY5xVGMHRjpl7B8wTyN9cOudEY
         dNAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature;
        bh=PI6q5rNMQB3L3EbNYvJfYnJlLDtk6q+SVS2IDRk0Rp8=;
        b=TsnmU0aBxC8c0/91IdO5G7JGanFLoOcyX0fE5MNtwbkr2tWwANSA3azKtYxrF8Pipu
         0M0gF8R8uXcCyl68Rn6iDLmg2H+5KlyuqFNCA6+IY8InkvURXsXqb4GzF2ea85/b0eSo
         zIVNx6FfvY14lxN/cXKw/5b7dW+CERbmAHkaRSIB+9tJ1q6GV+yVI+R9DSpGm6gva1r/
         5q9nqQv8W2fET3jTeOoIyJx3GDryFEQRol6DVX08M5F/xsRkJLeu+Fv5ElVLcf9fhYoR
         aHQMgB7lww7O8sHYkrX4XG5v69Cgqa6BkrTtyI0eGgoXTzpV7ic871QOVF19+m17832D
         W8fQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=u9yTIjKT;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b17si29676458pfj.200.2019.04.27.07.00.30;
        Sat, 27 Apr 2019 07:00:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=u9yTIjKT;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726169AbfD0N7j (ORCPT <rfc822;chenhe.dev@gmail.com>
        + 99 others); Sat, 27 Apr 2019 09:59:39 -0400
Received: from mail-pf1-f195.google.com ([209.85.210.195]:42406 "EHLO
        mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725942AbfD0N7j (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 27 Apr 2019 09:59:39 -0400
Received: by mail-pf1-f195.google.com with SMTP id w25so3083119pfi.9
        for <linux-kernel@vger.kernel.org>; Sat, 27 Apr 2019 06:59:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=PI6q5rNMQB3L3EbNYvJfYnJlLDtk6q+SVS2IDRk0Rp8=;
        b=u9yTIjKTT3SKeKWRO6iD3c6cD2C1LEI4Jkds0FliUgZbI0fQg69UAzwQF6W0ngyP4E
         fQ+QzhFFQUJ/HCXEspgIwVeNd3wvVBbn6Hof8ui8IuzFMnPn85k62lKi+s8+Qmd55YMI
         eFVKSs/3AdKtV1HpWGfBDUB6da2dvBlZia7nbXgbGVA+oMjf87SCKgIkwTHQTukSReCM
         BsTZ8AUdyDTRY9cMcGRljcXH1RRaeuklljR0JioD4Iyeot7bIq7LwJH5G2n2MqHjaMkh
         yOjissV8Ge8mDPj9GUPtc3FvqmqHp/9yXAxLqSO4353jJkkYPyoA6NEieGtZ8MoPtxO/
         lUxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=PI6q5rNMQB3L3EbNYvJfYnJlLDtk6q+SVS2IDRk0Rp8=;
        b=kcF9aR8ECAqRxgEK6QvaBQc5vggrXkfpq5zzH9BLLx61Intv5IaVx8kXYHYjkGlpBF
         6ay5P7BpMoA890o9giQVh/P/qMrzU9w2ITjOEnnZbDx3c2eIXfdOw+t2JH7IDlRcdcNl
         pt5oRuIodmCorHz1kBjyk96hh6oDT8tVvex3KjCFzQJY2kD8o20J6LZou0HRydIoB+NM
         UewfnFO/pOvBp5wFs9MUOQXB1QnzwUYjvbho6iI4Z2yzdcLP0uEfJVSb+0FCw8IZb2p4
         Z8Sg6GzsmaEbcClNIkK8nVGVZtMpKvT2wSREBGGTyiV52GPCbC9wNLNuMmKFriKmOo1E
         x/wA==
X-Gm-Message-State: APjAAAU1lh0d/oSUm6TZJvHI7bkzFGYIMiS+G6bLvQ4Cw7UdboROD5+q
        +8fKNjX+dtDpahGDqEIpOa3Epw==
X-Received: by 2002:a63:5c56:: with SMTP id n22mr50298258pgm.108.1556373578626;
        Sat, 27 Apr 2019 06:59:38 -0700 (PDT)
Received: from ?IPv6:2601:646:c200:1ef2:a08d:668a:535c:86e9? ([2601:646:c200:1ef2:a08d:668a:535c:86e9])
        by smtp.gmail.com with ESMTPSA id g63sm43128219pfc.127.2019.04.27.06.59.37
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 27 Apr 2019 06:59:37 -0700 (PDT)
Content-Type: text/plain;
        charset=utf-8
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
From:   Andy Lutomirski <luto@amacapital.net>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <20190426180235.GC9835@mit.edu>
Date:   Sat, 27 Apr 2019 06:59:36 -0700
Cc:     Eric Biggers <ebiggers@kernel.org>,
        "Reshetova, Elena" <elena.reshetova@intel.com>,
        "herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
        David Laight <David.Laight@aculab.com>,
        Ingo Molnar <mingo@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        "keescook@chromium.org" <keescook@chromium.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        "luto@kernel.org" <luto@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "jpoimboe@redhat.com" <jpoimboe@redhat.com>,
        "jannh@google.com" <jannh@google.com>,
        "Perla, Enrico" <enrico.perla@intel.com>,
        "mingo@redhat.com" <mingo@redhat.com>,
        "bp@alien8.de" <bp@alien8.de>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
        "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1EB25EC8-28A4-46C6-84E9-14858B68C815@amacapital.net>
References: <01914abbfc1a4053897d8d87a63e3411@AcuMS.aculab.com> <20190416154348.GB3004@mit.edu> <2236FBA76BA1254E88B949DDB74E612BA4C52338@IRSMSX102.ger.corp.intel.com> <9cf586757eb44f2c8f167abf078da921@AcuMS.aculab.com> <20190417151555.GG4686@mit.edu> <99e045427125403ba2b90c2707d74e02@AcuMS.aculab.com> <2236FBA76BA1254E88B949DDB74E612BA4C5E473@IRSMSX102.ger.corp.intel.com> <2236FBA76BA1254E88B949DDB74E612BA4C63E24@IRSMSX102.ger.corp.intel.com> <20190426140102.GA4922@mit.edu> <20190426174419.GB691@sol.localdomain> <20190426180235.GC9835@mit.edu>
To:     Theodore Ts'o <tytso@mit.edu>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Apr 26, 2019, at 11:02 AM, Theodore Ts'o <tytso@mit.edu> wrote:
>=20
>> On Fri, Apr 26, 2019 at 10:44:20AM -0700, Eric Biggers wrote:
>> Would it be possibly to call ChaCha20 through the actual crypto API so th=
at SIMD
>> instructions (e.g. AVX-2) could be used?  That would make it *much* faste=
r.
>> Also consider AES-CTR with AES-NI instructions.
>=20
> It's not obvious SIMD instructions will be faster in practice, since
> it requires saving and restoring the vector/FPU registers.  If you're
> going to be doing a *lot* of vector processing (for example when doing
> block-level RAID-5 / RAID-6 computations), it might be worth it.  But
> if you're only going to be turning the crank for 12 or 20 rounds, the
> overhead of calling kernel_fpu_begin() and kernel_fpu_end() is
> probably going to make this worth it.
>=20

So generate a whole page or more of random bytes at a time and save them up f=
or when they=E2=80=99re needed.=