Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp1133167rwb; Fri, 13 Jan 2023 08:18:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXv4Hvty8rcaE5XEN+MkM27q8x9hYAkpvJHucrBPU9oyBNynK/jU1M4G5zi9EQSRk1D95c40 X-Received: by 2002:a17:90a:70ca:b0:229:2bbb:261f with SMTP id a10-20020a17090a70ca00b002292bbb261fmr2402112pjm.8.1673626694234; Fri, 13 Jan 2023 08:18:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673626694; cv=none; d=google.com; s=arc-20160816; b=Jbg5vLThM3JjMNeB1uviIkE7ZVBWR+bZ55AZxWp4XHZwpDTRDH6zxK9MEIJPumrgXo dUkJTDEkgzpfFrnf2Gt+LhjGV1afGs0IN7vDKAfn89DBXq1dlkt8L7Xl9IT2jQnAqB26 6uFgNzkRl6ZERA1ietiVDaZCkpQqj2pQAuLnzANNaqwMBqWsLbMcxjVKZiaVYlMwhwG7 O9Z+lgr69RSmDP1yNzWb+bXLfVZgeUHxF6Fi4vaZNvrf4zVak8xuMs+jRuHPk02Y7c3p Pay6rgitmd+jpSGDu5ZPKSn/y7UbrTL7QpCg658LZZXQBr6ubYfBw4nMTDC3GIvfzh+S Qpiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=1V+NP/P+0D5lj6C9ODkA/x3MZDk+pZ4mGwXIBnl4UJo=; b=JWc0nA6HpOAx0x1DcYhCu5RK/vHAzJjKnU9jMY+xjGTc22BK+y/fby7oi/Gn+/JB/E ce6s/FH69bOR5v1jTQGAVMjoJf1ZLMMn3+HEfjTPuDbF/3XxCspWfbA9BwySKcMwYUhv FAGqVk9nGyBd4HBwBwCe9mgExNaw1xVM1202su59Ehb6EDtC2Km6Lf90mSMaMcGltZXI XBsHKdvqd1oDQsL4EB1Oub+ncez8aPpja/cbJ5O8soaZeFhh6odtW1+Ek5ul2aG1ZQQ3 4YPfbLgNrX48WUtlbRY3/S1IQDU2rung2rO3pebwbLycdL4084UeaQR0TZtSG3OyysQT 0G4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=TRUS0fhN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oc3-20020a17090b1c0300b002271d025b69si14675472pjb.172.2023.01.13.08.18.07; Fri, 13 Jan 2023 08:18:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b=TRUS0fhN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229762AbjAMPnj (ORCPT + 51 others); Fri, 13 Jan 2023 10:43:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229757AbjAMPnP (ORCPT ); Fri, 13 Jan 2023 10:43:15 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A453C871CA for ; Fri, 13 Jan 2023 07:34:07 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 40D53620D3 for ; Fri, 13 Jan 2023 15:34:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B682C433EF for ; Fri, 13 Jan 2023 15:34:06 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="TRUS0fhN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1673624043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1V+NP/P+0D5lj6C9ODkA/x3MZDk+pZ4mGwXIBnl4UJo=; b=TRUS0fhN/0IQMxsZwgP1sQW4zYe8LeC84NbYSPcXrOXGaqBtv9yw7Xh4uf5i/FEYbbUXDu 57jg4f1NJA+l246/8/yPjgW9QX4lo1Y1OISY3RtcPY37S1tt+qXXi5UKxVY/Y4yP26ZsEQ A8hufrrfN5QKLTw4FerJFlXXBiC6ql8= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 581cd5dd (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Fri, 13 Jan 2023 15:34:03 +0000 (UTC) Received: by mail-yb1-f181.google.com with SMTP id 20so3695433ybl.0 for ; Fri, 13 Jan 2023 07:34:03 -0800 (PST) X-Gm-Message-State: AFqh2kr4UGMcbnjX9xruTj1MPMPqjcvP4IK9MAruxuJsFZbcYmHAoUJw k5K7WjdUufKCRKNtAtvBnm4IS13oBgsKZIQugSg= X-Received: by 2002:a25:4903:0:b0:770:d766:b5e8 with SMTP id w3-20020a254903000000b00770d766b5e8mr5829778yba.24.1673624042507; Fri, 13 Jan 2023 07:34:02 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: "Jason A. Donenfeld" Date: Fri, 13 Jan 2023 16:33:52 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2] x86: Disable kernel stack offset randomization for !TSC To: "Maciej W. Rozycki" Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , x86@kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Maciej, On Thu, Jan 12, 2023 at 2:34 AM Maciej W. Rozycki wrote: > > On Tue, 10 Jan 2023, Jason A. Donenfeld wrote: > > > > Index: linux-macro/arch/x86/include/asm/entry-common.h > > > =================================================================== > > > --- linux-macro.orig/arch/x86/include/asm/entry-common.h > > > +++ linux-macro/arch/x86/include/asm/entry-common.h > > > @@ -5,6 +5,7 @@ > > > #include > > > #include > > > > > > +#include > > > #include > > > #include > > > #include > > > @@ -85,7 +86,8 @@ static inline void arch_exit_to_user_mod > > > * Therefore, final stack offset entropy will be 5 (x86_64) or > > > * 6 (ia32) bits. > > > */ > > > - choose_random_kstack_offset(rdtsc() & 0xFF); > > > + if (cpu_feature_enabled(X86_FEATURE_TSC)) > > > + choose_random_kstack_offset(rdtsc() & 0xFF); > > > > What would happen if you just called `get_random_u8()` here? > > Thank you for your input. I've had a look at the function and it seems a > bit heavyweight compared to a mere single CPU instruction, but I guess why > not. Do you have any performance figures (in terms of CPU cycles) for the > usual cases? Offhand I'm not sure how I could benchmark it myself. Generally it's very very fast, as most cases wind up being only a memcpy -- in this case, a single byte copy. So by and large it should be suitable. It's fast enough now that most networking things are able to use it. And lots of other places where you'd want really high performance. So I'd expect it's okay to use here too. And if it is too slow, we should figure out how to make it faster. But I don't suspect it'll be too slow. Resist calls to use RDRAND directly (it's much much slower, and not universally available) or to roll your own opencoded bespoke RNG. Jason