Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1615534ybb; Thu, 26 Mar 2020 04:16:27 -0700 (PDT) X-Google-Smtp-Source: ADFU+vvNy3RF4IhcjTuvEwTrZKlm7nJkvK/9vYtdPlvOn0yVHzqSQepSvdePVi5CFqW1k+fzTRmc X-Received: by 2002:a05:6830:1d95:: with SMTP id y21mr6006484oti.180.1585221386797; Thu, 26 Mar 2020 04:16:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585221386; cv=none; d=google.com; s=arc-20160816; b=R4i5Le1a8mXURA06dDM8ccUF4w8/anQQisdXNl2z8tzZGYBgVOxDet6FDu+Gb7zbGF atT7P4soErBFWvnrz7RdzY2CSln+jJ3VYRxYSFVkQMjL+HoIvd4J3JA68aMeQFWvGxW7 aaUMpcAyoOdBztb/EvbtGgRq7Oq+jsf9ednDmQMxRmziUhbaIZt7m3EXjd3fjQax8PuD vzYUkKNg25m611zaDlImJdx5RfI9yuxo1KEOzi7Cj3ZZuToP7i5VTBNd2hQ70XvJavyt Ft8Uu7nGIhEZJxdhYaegFKYdp0GPlQcm5mEjQxyDgbQkSstZV/2ZEvKd0mintScrJS05 m7hQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=l+VDWzZnuP22VFpkOj47sZDxhSi2f8eo3uTo//dPVBw=; b=J4mc54TPcTz+XKmtU4ffK2LhUTTqdcIVCjBlt/D/wD9zC7T/a48RHKGcAi3p/0ZsLC RvkqzBy5asn5zo1xDItOHQKyj5pUs3Ftf9fDf1uOLYKbCZ4Ny+UBYsnDe2G3TE6SIkhF qltxFkOcC3zct970nyx6n9ng8PKdTxDx6vpYN0czPtqGs/O7EK0CZScf+ZaN+spUQoO5 yzz29+YqXL8yIDnsVw0+i5tiRZA8ycDDEBSqPAq2514lWOde0lIEtthG3rQCpLVO/zfI dRzetnNF994hjXvAleh5n0linmO/KFbRfOHFapNXc+0EzdmqwwbektIicLxFh4TaQCLh P8Ww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i1si946563oto.72.2020.03.26.04.16.13; Thu, 26 Mar 2020 04:16:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728035AbgCZLPk (ORCPT + 99 others); Thu, 26 Mar 2020 07:15:40 -0400 Received: from foss.arm.com ([217.140.110.172]:59242 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727688AbgCZLPk (ORCPT ); Thu, 26 Mar 2020 07:15:40 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CD1087FA; Thu, 26 Mar 2020 04:15:39 -0700 (PDT) Received: from C02TD0UTHF1T.local (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 531823F71F; Thu, 26 Mar 2020 04:15:36 -0700 (PDT) Date: Thu, 26 Mar 2020 11:15:21 +0000 From: Mark Rutland To: Kees Cook Cc: Thomas Gleixner , Elena Reshetova , x86@kernel.org, Andy Lutomirski , Peter Zijlstra , Catalin Marinas , Will Deacon , Alexander Potapenko , Ard Biesheuvel , Jann Horn , "Perla, Enrico" , kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 5/5] arm64: entry: Enable random_kstack_offset support Message-ID: <20200326111521.GA72909@C02TD0UTHF1T.local> References: <20200324203231.64324-1-keescook@chromium.org> <20200324203231.64324-6-keescook@chromium.org> <20200325132127.GB12236@lakrids.cambridge.arm.com> <202003251319.AECA788D63@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202003251319.AECA788D63@keescook> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 25, 2020 at 01:22:07PM -0700, Kees Cook wrote: > On Wed, Mar 25, 2020 at 01:21:27PM +0000, Mark Rutland wrote: > > On Tue, Mar 24, 2020 at 01:32:31PM -0700, Kees Cook wrote: > > > Allow for a randomized stack offset on a per-syscall basis, with roughly > > > 5 bits of entropy. > > > > > > Signed-off-by: Kees Cook > > > > Just to check, do you have an idea of the impact on arm64? Patch 3 had > > figures for x86 where it reads the TSC, and it's unclear to me how > > get_random_int() compares to that. > > I didn't do a measurement on arm64 since I don't have a good bare-metal > test environment. I know Andy Lutomirki has plans for making > get_random_get() as fast as possible, so that's why I used it here. Ok. I suspect I also won't get the chance to test that in the next few days, but if I do I'll try to share the results. My concern here was that, get_random_int() has to grab a spinlock and mess with IRQ masking, so has the potential to block for much longer, but that might not be an issue in practice, and I don't think that should block these patches. > I couldn't figure out if there was a comparable instruction like rdtsc > in aarch64 (it seems there's a cycle counter, but I found nothing in > the kernel that seemed to actually use it)? AArch64 doesn't have a direct equivalent. The generic counter (CNTxCT_EL0) is the closest thing, but its nominal frequency is typically much lower than the nominal CPU clock frequency (unlike TSC where they're the same). The cycle counter (PMCCNTR_EL0) is part of the PMU, and can't be relied on in the same way (e.g. as perf reprograms it to generate overflow events, and it can stop for things like WFI/WFE). Thanks, Mark.