Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1468802lqp; Fri, 22 Mar 2024 16:41:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUvhXxdOQyYtpLz6kppJJh+BCNcI6K/rk+SfiU9mYspzryz/h48qXCBTVeZYq1mgNRdg1iDVBxSNxEMUe6UnmoQRBXqBgltaoB3z97acw== X-Google-Smtp-Source: AGHT+IHfITnzsaGQwyXC6cJBvVYtuSAyFPTcZLDwkdSw6vphSr9G3FjQ2Of9SrPFOzRhBRj0YBey X-Received: by 2002:a2e:22c4:0:b0:2d2:2c3e:70e with SMTP id i187-20020a2e22c4000000b002d22c3e070emr622109lji.4.1711150868022; Fri, 22 Mar 2024 16:41:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711150867; cv=pass; d=google.com; s=arc-20160816; b=BPJcHEjVP7ElfAwUM2NPyOfGbTYIAQ0OfDw2mqi3C0djLOkIb9gzHqhPFJi076XV9I wtorQV3y5Lfj7jneRDzjJhLWbP2F+e/EVJAiSNdr4MR0GelLK8g5CJTWrGGVkXuuRceF 3kj7I1xIzw8sepicxT0rZVy+/R3kI1AeKO0xzKemYDke439fiQoUXKZAnIBQcZc+/2ez 3JmpYCUnEOdES5Sn5uhXmEnhh7nZK7JWIgjMK8GO9Sp4H/bgiQPiwJglThmtGWFFhzXV WDS3EKQmPSjQJvJjsJBv/wGSVZxCPTCnr7N8xCesy08gc+iKo+GJntabELAqSZedDjPC 9CzA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id; bh=MA+ADgFKxQ1bdXp3L24Bg+A5CMmdYNeuI4H2EcBJJgM=; fh=J81keYTTAG1SJv1mr+VoPqfHvQJfykAI+vxMBZGckP0=; b=nYRN3wpPa7jIqgKbeyWK+0MUJ29qG/5WaSs7LlqtkPFh3kAvwn4My8R+FPHnqu6l7p I2quxS1cD245Ns0lbegGw7p47SaiXgfChWF1ZELBY/EqZoyy9drA6boxp9sIP3DsaUXI r35zak37zFUFehG4BL2wGJ7Ic5MCTbftLx1B1vSCQWT4JuUspfNsYf+rnf9IihrpoeHh 3TAjY+Ph/san7SeLjcxjN35x1YycQavKVtwicsCCq4GSSzI5R3hFHs8cRLHcwTKUEPaK DQVBMzhe/u8vEWOcflOrT/VPq3t+otQrLT/rxa51UQG7jxWtW7P3NOYl0TSFhAXIPlCU aY2g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-112109-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112109-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id t17-20020a056402241100b0056bf30653f6si286957eda.201.2024.03.22.16.41.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 16:41:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-112109-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=arm.com dmarc=pass fromdomain=arm.com); spf=pass (google.com: domain of linux-kernel+bounces-112109-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112109-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id B4F7D1F24236 for ; Fri, 22 Mar 2024 23:41:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D057582C7E; Fri, 22 Mar 2024 23:41:00 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1ED2782C67; Fri, 22 Mar 2024 23:40:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711150860; cv=none; b=dcJGmi1KgqoBx4QRskqK4lllgSfd1/Pqrp6yqV8jbFejS73PLN7aM+xayUcdWVBWBEcCM/xV2iEtqHN1dWURZsi6+vKl3Os2Ntz9L/olr6w6JrU6BqLEmxPvfCkwu6PEj3HTAkjts2my7uqUS4+SEw/+JwbZqhgz8B1p+6udEYI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711150860; c=relaxed/simple; bh=zuvDOu0/rlT7v5UCGQJmr8VHmsa8qBfwFGOMkQvldK4=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=E5ka5Jz0iMw55ZTDdlCaqqx561BVZE2BSn1i0dXMGuQgiC3ix4pJgj5ET1UghlqM9tM6uTUD6nfl2jgw0W9iHtnIF+02psFtusY4b0FvqtawxuxlVdJd1SyUSFnOjeVxC1pohf03lAi7N2zXSVUmN3LUydbEPKcdMNmYPJLGtqQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 56537DA7; Fri, 22 Mar 2024 16:41:30 -0700 (PDT) Received: from [172.27.42.98] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 202903F762; Fri, 22 Mar 2024 16:40:55 -0700 (PDT) Message-ID: <2ebe2ea5-b107-4020-8e60-ff8cf43a3aab@arm.com> Date: Fri, 22 Mar 2024 18:40:54 -0500 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 1/1] arm64: syscall: Direct PRNG kstack randomization Content-Language: en-US To: Arnd Bergmann , Kees Cook Cc: linux-arm-kernel@lists.infradead.org, Catalin Marinas , Will Deacon , "Jason A . Donenfeld" , "Gustavo A. R. Silva" , Mark Rutland , Steven Rostedt , Mark Brown , Guo Hui , Manoj.Iyer@arm.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, James Yang , Shiyou Huang References: <20240305221824.3300322-1-jeremy.linton@arm.com> <20240305221824.3300322-2-jeremy.linton@arm.com> <202403051526.0BE26F99E@keescook> <34351804-ad1d-498f-932a-c1844b78589f@app.fastmail.com> <38f9541b-dd88-4d49-af3b-bc7880a4e2f4@arm.com> From: Jeremy Linton In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, Sorry about the delay here, PTO and I actually wanted to verify my assumptions. On 3/8/24 14:29, Arnd Bergmann wrote: > On Fri, Mar 8, 2024, at 17:49, Jeremy Linton wrote: >> On 3/7/24 05:10, Arnd Bergmann wrote: >>> >>> I'm not sure I understand the logic. Do you mean that accessing >>> CNTVCT itself is slow, or that reseeding based on CNTVCT is slow >>> because of the overhead of reseeding? >> >> Slow, as in, its running at a much lower frequency than a cycle counter. > > Ok, I see. Would it be possible to use PMEVCNTR0 instead? So, I presume you actually mean PMCCNTR_EL0 because I don't see the point of a dedicated event, although maybe... So, the first and maybe largest problem is the PMxxx registers are all optional because the PMU is optional! Although, they are strongly recommended and most (AFAIK) machines do implement them. So, maybe if its just using a cycle counter to dump some entropy into rnd_state it becomes a statement that kstack randomization is slower or unsupported if there isn't a PMU? But then we have to basically enable the PMU cycle counter globally, which requires reworking how it works, because the cycle counter is enabled/disabled and reset on the fly depending on whether the user is trying to profile something. So, I have hacked that up, and it appears to be working, although i'm not sure what kind of interaction will happen with KVM yet. But I guess the larger question is whether its worth changing the PMU behavior for this? Thanks,