From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D398ACD11BF for ; Sat, 23 Mar 2024 12:48:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:Cc:To:From:Date:References: In-Reply-To:Message-Id:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=tJSweZYG8w6MAOW/dAUK+QcQ3lZgMeVwo2GqtjUsqnQ=; b=xbZf5k3WwFAV1M JdTYwQVUmBzmbEUk0BHIjh0d1xB7ytX8AYVN//F+RysT2tSL1V08Y3ivymyVQ1o7J4oOsy80t9gvC zP6toEPj+zs2VHvNpWAUX+4xDgBANik8u3iimfOVg1mFITmXtDw8cPLXt+Nj72WVXO4C0GaYdfLTT caXNNfUg633gTgLoUEA15zkF0s3BbaEmJAnj/soZzphfm9rBx9AZlof1jbvNzW3RI83xLCApOe34W 5c94T4fXXq2hVedGPkkEqt2/8HzbQBJkBTysGVtu5m/bgIXjs8Qax1ED5/vAwk/VYswdzJKSl9Rr8 sQJKZ8nStzVwE6eCWChg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1ro0n1-0000000AOlx-1sue; Sat, 23 Mar 2024 12:47:59 +0000 Received: from wfout5-smtp.messagingengine.com ([64.147.123.148]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1ro0my-0000000AOl2-1awO for linux-arm-kernel@lists.infradead.org; Sat, 23 Mar 2024 12:47:58 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfout.west.internal (Postfix) with ESMTP id DF3811C000A7; Sat, 23 Mar 2024 08:47:50 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute5.internal (MEProxy); Sat, 23 Mar 2024 08:47:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arndb.de; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1711198070; x=1711284470; bh=no3SxpIrjY uNJG9JdLGwJceQHSCubNomtZhDzLJ/D4o=; b=epygnKxeUHDKv/1k8Tp6dWRUzA QjRORAIJdjyi+4voAuYw3zil0q9w2xtCJLqnqIIltzo9zW/INN5mfqU28X9ykelU uXDHsrwuHNXk5/IRa1SprNynh+6h4ca7nzjox4+tgdxd1kX3O8KX2Nut7Qy0Q2SU aXcerVaYPHRjijlcAJZEM2jc1e9kgg3ASmI6RgCGwjOPaN8x+8Z10AtrWfo43Bl8 JTvSirUgRSD+Y4mNngF61z69NorJvRLPtzgfPUIewhr9q8JS9BdlrdwOcWZiwCd5 HW3ONw2gveusbmHYoMUWtZekbt63Pnq74V7hV6cgzjCLdYaXo6xQveGXrg8w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1711198070; x=1711284470; bh=no3SxpIrjYuNJG9JdLGwJceQHSCu bNomtZhDzLJ/D4o=; b=rWHPG+djIQkMTy7dtpYCukU5eXVYdVF5nJEwLAmtIyyx YM+oSx2HAHvNEEORhOTWM3rFSj6opLGuLMjidwamWbdwG53Luv690zsJciwnNARl xinbwufK1SVOY48KBufE9ZxdfgwJ3WcE4vpyr6ksu0KQahLl+EvjoDInVQEoMwDi x2wPgy9v86CCvmWFMeeq9yROkRmtupo/0G7o07xkQN9Jv3xxx2abC0KzgPzJU4Gh oKEZ7+u4Q1OYiI7NlJv3yGLIkJ6B0zOsKqbR6SuclltnHI1uEbmOTSKmVFi/OACl nYwUl3O1XBZNLIbjvKXdlJfKeun386Wt1muNfoTuIQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddtgedggeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsehttdertderredtnecuhfhrohhmpedftehr nhguuceuvghrghhmrghnnhdfuceorghrnhgusegrrhhnuggsrdguvgeqnecuggftrfgrth htvghrnhepffehueegteeihfegtefhjefgtdeugfegjeelheejueethfefgeeghfektdek teffnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprg hrnhgusegrrhhnuggsrdguvg X-ME-Proxy: Feedback-ID: i56a14606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 8DE76B6008D; Sat, 23 Mar 2024 08:47:49 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-332-gdeb4194079-fm-20240319.002-gdeb41940 MIME-Version: 1.0 Message-Id: In-Reply-To: <2ebe2ea5-b107-4020-8e60-ff8cf43a3aab@arm.com> References: <20240305221824.3300322-1-jeremy.linton@arm.com> <20240305221824.3300322-2-jeremy.linton@arm.com> <202403051526.0BE26F99E@keescook> <34351804-ad1d-498f-932a-c1844b78589f@app.fastmail.com> <38f9541b-dd88-4d49-af3b-bc7880a4e2f4@arm.com> <2ebe2ea5-b107-4020-8e60-ff8cf43a3aab@arm.com> Date: Sat, 23 Mar 2024 13:47:29 +0100 From: "Arnd Bergmann" To: "Jeremy Linton" , "Kees Cook" Cc: linux-arm-kernel@lists.infradead.org, "Catalin Marinas" , "Will Deacon" , "Jason A . Donenfeld" , "Gustavo A. R. Silva" , "Mark Rutland" , "Steven Rostedt" , "Mark Brown" , "Guo Hui" , Manoj.Iyer@arm.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, "James Yang" , "Shiyou Huang" Subject: Re: [PATCH 1/1] arm64: syscall: Direct PRNG kstack randomization X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240323_054756_709001_8B85F750 X-CRM114-Status: GOOD ( 24.37 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Sat, Mar 23, 2024, at 00:40, Jeremy Linton wrote: > On 3/8/24 14:29, Arnd Bergmann wrote: >> On Fri, Mar 8, 2024, at 17:49, Jeremy Linton wrote: >>> On 3/7/24 05:10, Arnd Bergmann wrote: >>>> >>>> I'm not sure I understand the logic. Do you mean that accessing >>>> CNTVCT itself is slow, or that reseeding based on CNTVCT is slow >>>> because of the overhead of reseeding? >>> >>> Slow, as in, its running at a much lower frequency than a cycle counter. >> >> Ok, I see. Would it be possible to use PMEVCNTR0 instead? > > So, I presume you actually mean PMCCNTR_EL0 because I don't see the > point of a dedicated event, although maybe... Right, that would make more sense. > So, the first and maybe largest problem is the PMxxx registers are all > optional because the PMU is optional! Although, they are strongly > recommended and most (AFAIK) machines do implement them. So, maybe if > its just using a cycle counter to dump some entropy into rnd_state it > becomes a statement that kstack randomization is slower or unsupported > if there isn't a PMU? I think that sounds workable, especially as there is already the randomize_kstack_offset=on/off conditional at boot time, it could fall back to just not randomizing and print a warning if the feature is enabled but unavailable at boot time. > But then we have to basically enable the PMU cycle counter globally, > which requires reworking how it works, because the cycle counter is > enabled/disabled and reset on the fly depending on whether the user is > trying to profile something. So, I have hacked that up, and it appears > to be working, although i'm not sure what kind of interaction will > happen with KVM yet. > > But I guess the larger question is whether its worth changing the PMU > behavior for this? I don't know too much about how the PMU works in detail, but I'm also worried about two possible issues that end up preventing us from using it in practice: - if enabling PMCCNTR_EL0 takes away one of the limited number of available counters, we probably don't want to go there - similarly, I would expect it to have a nonzero power consumption if the default is to have the clock disabled and non-counting. Probably not a big deal for server machines, but could be an issue on battery powered embedded devices. Arnd _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel