Re: [tip:x86/kaslr] x86, kaslr: Provide randomness functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/11/2013 11:37 AM, Kees Cook wrote:
> On Mon, Nov 11, 2013 at 11:27 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
>> On 11/11/2013 10:20 AM, Ingo Molnar wrote:
>>>
>>> Why aren't the 3 sources of entropy XOR-ed together?
>>
>> Note we don't want to poke i8254 if we have any other sources, as the
>> i8254 may not be present on newer systems and in some other cases not
>> safe to touch.  We can XOR in the TSC with RDRAND although it seems a
>> bit odd.
> 
> I await the final decision! :)
> 

Use the i8254 if and only if nothing else is available, it isn't safe to
touch on some newer systems.

>> HOWEVER...
>>
>> +               /* Only use the low bits of rdtsc. */
>> +               random = raw & 0xffff;
>>
>> Why?!  All that can do is throw away randomness...
> 
> Due to the 2GiB addressing and 2MiB alignment, we can never use more
> than 10 bits of entropy at maximum. The existing patches only use 9
> bits (due to page table layouts) on 64-bit and 8 bits on 32-bit.

The point is that you are already doing that masking somewhere else, it
is just odd.

>> +       /* Extend timer bits poorly... */
>> +       random |= (random << 16);
>> +#ifdef CONFIG_X86_64
>> +       random |= (random << 32);
>> +#endif
> 
> I did this so that any portion of the returned value could be used for
> the 10 bit mask.

Why?  It is standard practice to only use the low bits, and in light of
the above it is even more bizarre.  However, doing a circular multiply
might still spread in some additional entropy at least in the case of a
kexec boot on a non-RDRAND system.

>> For smearing out bits, a better way is usually to multiply with a large
>> prime number (preferably a circular multiply.)
> 
> This shouldn't be needed since we're only using the low 10 bits.

None of the above is needed in that case, although a spreading multiply
will make it less likely that you are throwing away the highest entropy
bits.

> How would you like to see this function updated to make that more
> clear? More comments?

	-hpa


--
To unsubscribe from this list: send the line "unsubscribe linux-tip-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Stable Commits]     [Linux Stable Kernel]     [Linux Kernel]     [Linux USB Devel]     [Linux Video &Media]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux