From: Dan Rosenberg <drosenberg@vsecurity.com>
To: Tony Luck <tony.luck@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org, davej@redhat.com,
kees.cook@canonical.com, davem@davemloft.net, eranian@google.com,
torvalds@linux-foundation.org, adobriyan@gmail.com,
penberg@kernel.org, hpa@zytor.com
Subject: Re: [BUG] perf: bogus correlation of kernel symbols
Date: Sun, 22 May 2011 20:25:36 -0400 [thread overview]
Message-ID: <1306110336.25049.7.camel@dan> (raw)
In-Reply-To: <BANLkTik1SK_kWVvGsKk0SqdByQ5-0b5nFg@mail.gmail.com>
On Sun, 2011-05-22 at 16:49 -0700, Tony Luck wrote:
>
>
> On Sun, May 22, 2011 at 11:45 AM, Dan Rosenberg
> <drosenberg@vsecurity.com> wrote:
> 1. Is it ok to assume the existence of rdtsc? If not, what
> are other
> ways of gathering entropy early in the boot process? If this
> is the
> approach that's going to be taken, system uptime potentially
> becomes
> useful for attackers. Any thoughts on how to address this?
>
> There is a cpuid bit to tell you whether the processor supports rdtsc.
>
This might be worth checking, but it also might just be easier to
clearly document in the Kconfig that the feature requires rdtsc. I'll
play with it a bit.
> In the cold boot case, I'd worry about whether rdtsc was all that
> random,
> it counts from zero when the processors come out of cold reset, and
> things should be quite deterministic up to when the kernel loads;
> especially if you have a solid state boot drive rather than the old
> spinning kind.
>
The question really becomes whether it's "good enough". It's certainly
not cryptographic randomness, but it will produce different results on
different boots depending on a variety of factors, including
out-of-order instruction execution, multi-CPU systems, and differences
in CPU models. Even though a single machine may be slightly more likely
to produce certain offsets more often, it seems to me that it would
still accomplish the goal, because it's highly unlikely that an attacker
would be able to perform the statistical analysis necessary to figure
that out.
> Sometime soon you'll have "rdrand" available (check a different cpuid
> bit).
>
This of course is highly preferable, but I'd rather implement a solution
that's widely supported in hardware today. Perhaps further down the
road it could be switched.
> -Tony
>
>
Thanks for the feedback.
-Dan
next prev parent reply other threads:[~2011-05-23 0:25 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1305292059.1949.0.camel@dan>
2011-05-13 13:29 ` [BUG] perf: bogus correlation of kernel symbols Dan Rosenberg
2011-05-16 15:35 ` Ingo Molnar
2011-05-16 16:14 ` Dan Rosenberg
2011-05-20 0:56 ` Dan Rosenberg
2011-05-20 12:07 ` Ingo Molnar
2011-05-20 12:54 ` Dan Rosenberg
2011-05-20 13:11 ` Ingo Molnar
2011-05-20 17:41 ` Dan Rosenberg
2011-05-20 18:14 ` Linus Torvalds
2011-05-20 18:27 ` Kees Cook
2011-05-20 18:34 ` Dan Rosenberg
2011-05-20 18:42 ` Ingo Molnar
2011-05-20 18:28 ` Ingo Molnar
2011-05-22 6:11 ` david
2011-05-20 18:35 ` Ingo Molnar
2011-05-22 18:45 ` Dan Rosenberg
[not found] ` <BANLkTik1SK_kWVvGsKk0SqdByQ5-0b5nFg@mail.gmail.com>
2011-05-23 0:25 ` Dan Rosenberg [this message]
2011-05-23 0:37 ` H. Peter Anvin
2011-05-23 10:49 ` Ingo Molnar
2011-05-23 19:02 ` Ray Lee
2011-05-23 19:35 ` Ingo Molnar
2011-05-24 1:59 ` Valdis.Kletnieks
2011-05-24 4:06 ` Ingo Molnar
2011-05-12 14:48 Stephane Eranian
2011-05-12 18:06 ` David Miller
2011-05-12 18:37 ` Dave Jones
2011-05-12 19:01 ` David Miller
2011-05-12 19:58 ` Pekka Enberg
2011-05-13 6:12 ` Kees Cook
2011-05-13 6:24 ` Pekka Enberg
2011-05-12 20:24 ` Alexey Dobriyan
2011-05-12 21:06 ` Ingo Molnar
2011-05-12 20:31 ` Linus Torvalds
2011-05-12 20:43 ` David Miller
2011-05-12 21:07 ` Stephane Eranian
2011-05-12 21:30 ` Stephane Eranian
2011-05-12 21:35 ` Ingo Molnar
2011-05-12 21:38 ` Stephane Eranian
2011-05-12 21:50 ` Ingo Molnar
2011-05-12 21:56 ` Stephane Eranian
2011-05-12 22:00 ` Ingo Molnar
2011-05-12 22:07 ` Dave Jones
2011-05-12 22:15 ` Stephane Eranian
2011-05-13 9:01 ` Ingo Molnar
2011-05-13 8:57 ` Ingo Molnar
2011-05-13 16:23 ` Andi Kleen
2011-05-17 12:17 ` Ingo Molnar
2011-05-12 21:36 ` Ingo Molnar
2011-05-12 21:41 ` Stephane Eranian
2011-05-12 21:54 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1306110336.25049.7.camel@dan \
--to=drosenberg@vsecurity.com \
--cc=adobriyan@gmail.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=eranian@google.com \
--cc=hpa@zytor.com \
--cc=kees.cook@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=penberg@kernel.org \
--cc=tony.luck@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox