Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Apr 2013 14:50:29 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Kees Cook <keescook@...omium.org>
CC: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        x86@...nel.org, Jarkko Sakkinen <jarkko.sakkinen@...el.com>,
        Matthew Garrett <mjg@...hat.com>,
        Matt Fleming <matt.fleming@...el.com>,
        Eric Northup <digitaleric@...gle.com>,
        Dan Rosenberg <drosenberg@...curity.com>,
        Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>
Subject: Re: [PATCH 4/6] x86: kaslr: select random base offset

On 04/26/2013 12:03 PM, Kees Cook wrote:
> +
> +static unsigned long get_random_long(void)
> +{
> +	if (has_cpuflag(X86_FEATURE_RDRAND)) {
> +		unsigned long random;
> +
> +		debug_putstr("KASLR using RDRAND...\n");
> +		if (rdrand(&random))
> +			return random;
> +	}
> +
> +	if (has_cpuflag(X86_FEATURE_TSC)) {
> +		uint32_t raw;
> +		unsigned long timer;
> +
> +		debug_putstr("KASLR using RDTSC...\n");
> +		rdtscl(raw);
> +
> +		/* Repeat the low bits of rdtsc. */
> +		timer = raw & 0xffff;
> +		timer |= (timer << 16);
> +#ifdef CONFIG_X86_64
> +		timer |= (timer << 32) | (timer << 48);
> +#endif
> +

This seems like a very odd thing to do.  If you want to scramble bits,
it would make more sense to do a multiply -- or much better, a
*circular* multiply -- with a large constant.

> +		return timer;
> +	}
> +
> +	debug_putstr("KASLR found no entropy source...\n");
> +	return 0;
> +}
>  

It might be safe to assume that anything old enough to lack RDTSC
(basically a 486) will have an 8254, and reading back the 8254 counter
register.

	-hpa


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.