From: "Reshetova, Elena"
To: Ingo Molnar
CC: David Laight, Andy Lutomirski, Theodore Ts'o, Eric Biggers, "ebiggers@google.com", "herbert@gondor.apana.org.au", Peter Zijlstra, "keescook@chromium.org", Daniel Borkmann, "linux-kernel@vger.kernel.org", "jpoimboe@redhat.com", "jannh@google.com", "Perla, Enrico", "mingo@redhat.com", "bp@alien8.de", "tglx@linutronix.de", "gregkh@linuxfoundation.org", "Edgecombe, Rick P", Linus Torvalds, Peter Zijlstra
Subject: RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
Date: Thu, 9 May 2019 07:01:19 +0000
Message-ID: <2236FBA76BA1254E88B949DDB74E612BA4C7741F@IRSMSX102.ger.corp.intel.com>
In-Reply-To: <20190509055915.GA58462@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> * Reshetova, Elena wrote:
>
> > > * Reshetova, Elena wrote:
> > >
> > > > CONFIG_PAGE_TABLE_ISOLATION=n:
> > > >
> > > > base: Simple syscall: 0.0510 microseconds
> > > > get_random_bytes(4096 bytes buffer): Simple syscall: 0.0597 microseconds
> > > >
> > > > So, pure speed wise get_random_bytes() with 1 page per-cpu buffer wins.
> > >
> > > It still adds +17% overhead to the system call path, which is sad.
> > > Why is it so expensive?
> >
> > I guess I can experiment further with buffer size increase and/or
> > using HW acceleration (I mostly played around different rdrand paths now).
> >
> > What would be acceptable overhead approximately (so that I know how
> > much I need to squeeze this thing)?
>
> As much as possible? No idea, I'm sad about anything that is more than
> 0%, and I'd be *really* sad about anything more than say 1-2%.

Ok, understood.

>
> I find it ridiculous that even with 4K blocked get_random_bytes(), which
> gives us 32k bits, which with 5 bits should amortize the RNG call to
> something like "once per 6553 calls", we still see 17% overhead? It's
> either a measurement artifact, or something doesn't compute.

If you check what happens underneath of get_random_bytes(), there is a
fair amount of stuff that is going on, including reseeding CRNG if reseeding
interval has passed (see _extract_crng()). It also even attempts to stir in
more entropy from rdrand if available:

I will look into this whole construction slowly now to investigate.
I didn't optimize anything yet also (I take 8 bits at a time for offset),
but these small optimizations won't make performance impact from 17% --> 2%,
so pointless for now, need a more radical shift.

Best Regards,
Elena.
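
The amortization discussed in this message, as an added userspace model that is not code from the patch or from anyone in the thread: a 4096-byte pool hands out a few bits per simulated syscall and runs the expensive refill only when it is exhausted. The names bit_pool, model_fill, pool_take and refills_for are hypothetical, and splitmix64 stands in for get_random_bytes() only so the block runs outside the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_BYTES 4096            /* one page, the buffer size in the thread */

struct bit_pool {
    uint8_t  buf[POOL_BYTES];
    size_t   bit_pos;              /* index of the next unread bit */
    unsigned long refills;         /* how many times the slow path ran */
    uint64_t state;                /* stand-in generator state */
};

/* Assumption: splitmix64 replaces get_random_bytes(); it is NOT a CSPRNG. */
static void model_fill(struct bit_pool *p)
{
    for (size_t i = 0; i < POOL_BYTES; i += 8) {
        uint64_t z = (p->state += 0x9E3779B97F4A7C15ULL);
        z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
        z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
        z ^= z >> 31;
        memcpy(p->buf + i, &z, 8);
    }
    p->bit_pos = 0;
    p->refills++;
}

void pool_init(struct bit_pool *p, uint64_t seed)
{
    memset(p, 0, sizeof(*p));
    p->state = seed;
    p->bit_pos = POOL_BYTES * 8;   /* empty: the first take triggers a refill */
}

/* Take nbits (1..8) for one simulated syscall; refill only when short. */
unsigned pool_take(struct bit_pool *p, unsigned nbits)
{
    unsigned v = 0;
    if (p->bit_pos + nbits > POOL_BYTES * 8)
        model_fill(p);
    for (unsigned i = 0; i < nbits; i++, p->bit_pos++)
        v = (v << 1) | ((p->buf[p->bit_pos / 8] >> (p->bit_pos % 8)) & 1u);
    return v;
}

/* Run `calls` simulated syscalls and report how many refills they cost. */
unsigned long refills_for(unsigned long calls, unsigned nbits)
{
    struct bit_pool p;
    pool_init(&p, 1);              /* constructed seed */
    for (unsigned long i = 0; i < calls; i++)
        (void)pool_take(&p, nbits);
    return p.refills;
}
```

With 5 bits per call one refill covers 6553 calls, and with 8 bits per call it covers 4096, so the refill count alone does not account for a per-call cost; the model says nothing about what each refill costs inside the kernel.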