Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1740292ybv; Thu, 6 Feb 2020 09:01:16 -0800 (PST) X-Google-Smtp-Source: APXvYqxwZzzgUGLG+/jLFO9VA1cG8te0hu4SBBGM4L5qJveJ3Lp3gf8Cu4aUhxacIlbHCeFnBL2X X-Received: by 2002:a9d:5784:: with SMTP id q4mr31882923oth.278.1581008476684; Thu, 06 Feb 2020 09:01:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581008476; cv=none; d=google.com; s=arc-20160816; b=nwyfLCFjrPGm2MqvGrGFgfwo74yaEqf8sdWTczMyn3jlTo9IbLaq7Z3RQqSPAFsqLl 8Fcw8X/gEjoV363UlSMidW8Teyj4n1NMJjYUMVxGIl2UCDefIed91fjXakjGe+w6DNAr dzm+GcE6LlFRKhhPMMCLeHtOSkdF8CVozsgh+QkQobSRIzCXIiUB1E9Y71gFi/Fd/pQ7 3zFnx53FchKlr6hySsWfoTseG5JGB9gNDTvuHeGM/P1j5zIL+9zNHTsbFF70uWFjpieQ MGFkR29J92k/o9UOkH3omw7DeInenmA3umajwzGylM03PK8/s6HyH1auDzb2S1PyB6j/ 2qIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=ehGJ+nfgMRSF64v9QcsO1RcQnq5LuWQ8RCTuxGHjuPM=; b=CIdrJq9BC8TuBt8MFCAG1KkS/tdkmVnLaN+5Xqr3GLA5zDSCQ8XtO+X0zbFqA7cTag fk1T+MfbEUlcCIo3VikbHZNah/Vnk50ICs2EAIjZekh0vHLZbnPMUBax6cbAWms5Vl3I 8TIZ20tsBh0NGvSzPXikx4nGQSPlIZt6eCBlU1+sxsrohotfZY8X93If5LLspCOBV6/p HkeDBw4q+Hts7MR9t8zHBvTwjJ4Mus81Lm7JSFE74MGYT+n0hom/oZMHxWQvdkAfNlx1 Gn12rKWETxn6i4G/VFjlNLQB4GszQvZ/xaB8Eo3LNMPZva+oXb7RrVxRhU6DGdzycOPh G0sw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w13si31205oti.291.2020.02.06.09.01.01; Thu, 06 Feb 2020 09:01:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727754AbgBFQ6X (ORCPT + 99 others); Thu, 6 Feb 2020 11:58:23 -0500 Received: from mga01.intel.com ([192.55.52.88]:35955 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727358AbgBFQ6W (ORCPT ); Thu, 6 Feb 2020 11:58:22 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Feb 2020 08:58:22 -0800 X-IronPort-AV: E=Sophos;i="5.70,410,1574150400"; d="scan'208";a="220497571" Received: from kcaccard-mobl.amr.corp.intel.com (HELO kcaccard-mobl1.jf.intel.com) ([10.24.10.96]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Feb 2020 08:58:22 -0800 Message-ID: <2da7c2370b1bd5474ce51a22b04d81e2734232b1.camel@linux.intel.com> Subject: Re: [RFC PATCH 03/11] x86/boot: Allow a "silent" kaslr random byte fetch From: Kristen Carlson Accardi To: Andy Lutomirski Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, arjan@linux.intel.com, keescook@chromium.org, rick.p.edgecombe@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Date: Thu, 06 Feb 2020 08:58:22 -0800 In-Reply-To: References: <20200205223950.1212394-4-kristen@linux.intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.5 (3.30.5-1.fc29) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2020-02-05 at 17:08 -0800, Andy Lutomirski wrote: > > On Feb 5, 2020, at 2:39 PM, Kristen Carlson Accardi < > > kristen@linux.intel.com> wrote: > > > > From: Kees Cook > > > > Under earlyprintk, each RNG call produces a debug report line. When > > shuffling hundreds of functions, this is not useful information > > (each > > line is identical and tells us nothing new). Instead, allow for a > > NULL > > "purpose" to suppress the debug reporting. > > Have you counted how many RDRAND calls this causes? RDRAND is > exceedingly slow on all CPUs I’ve looked at. The whole “RDRAND has > great bandwidth” marketing BS actually means that it has decent > bandwidth if all CPUs hammer it at the same time. The latency is > abysmal. I have asked Intel to improve this, but the latency of that > request will be quadrillions of cycles :) > > It wouldn’t shock me if just the RDRAND calls account for a > respectable fraction of total time. The RDTSC fallback, on the other > hand, may be so predictable as to be useless. I think at the moment the calls to rdrand are really not the largest contributor to the latency. The relocations are the real bottleneck - each address must be inspected to see if it is in the list of function sections that have been randomized, and the value at that address must also be inspected to see if it's in the list of function sections. That's a lot of lookups. That said, I tried to measure the difference between using Kees' prng vs. the rdrand calls and found little to no measurable difference. I think at this point it's in the noise - hopefully we will get to a point where this matters more. > > I would suggest adding a little ChaCha20 DRBG or similar to the KASLR > environment instead. What crypto primitives are available there? I will read up on this.