Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall

From: Andy Lutomirski
Date: Sat Apr 27 2019 - 09:59:45 EST

Next message: Aubrey Li: "Re: [RFC PATCH v2 00/17] Core scheduling v2"
Previous message: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link"
In reply to: Theodore Ts'o: "Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall"
Next in thread: Reshetova, Elena: "RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Apr 26, 2019, at 11:02 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
>
>> On Fri, Apr 26, 2019 at 10:44:20AM -0700, Eric Biggers wrote:
>> Would it be possibly to call ChaCha20 through the actual crypto API so that SIMD
>> instructions (e.g. AVX-2) could be used? That would make it *much* faster.
>> Also consider AES-CTR with AES-NI instructions.
>
> It's not obvious SIMD instructions will be faster in practice, since
> it requires saving and restoring the vector/FPU registers. If you're
> going to be doing a *lot* of vector processing (for example when doing
> block-level RAID-5 / RAID-6 computations), it might be worth it. But
> if you're only going to be turning the crank for 12 or 20 rounds, the
> overhead of calling kernel_fpu_begin() and kernel_fpu_end() is
> probably going to make this worth it.
>

So generate a whole page or more of random bytes at a time and save them up for when theyâre needed.

Next message: Aubrey Li: "Re: [RFC PATCH v2 00/17] Core scheduling v2"
Previous message: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [PATCH 4.14 09/69] x86: vdso: Use $LD instead of $CC to link"
In reply to: Theodore Ts'o: "Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall"
Next in thread: Reshetova, Elena: "RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]