Restricting rdtsc [was: kernel aslr]

[Maxime Villard <max%m00nbsd.net@localhost>]

Having read several papers on the exploitation of cache latency to defeat
aslr (kernel or not), it appears that disabling the rdtsc instruction is a
good mitigation on x86. However, some applications can legitimately use it,
so I would rather suggest restricting it to root instead.

The idea is simple: we set CR4_TSD in %cr4, the first time an application
uses rdtsc it faults, we look at the creds of the lwp, if it is root we
remove CR4_TSD from %cr4 and re-execute the instruction in userland (which
won't fault this time), otherwise we send a segfault.

Obviously we need to take care of context switches, but that's not a big
deal. The result is that a process must have super-user rights the first time
it uses rdtsc. It seems that it is sufficient to mitigate side-channels - if
an attacker can execute super-user code we're fucked anyway - and it leaves
a possibility for userland to still use rdtsc as root.

What about this?

Note: rdtsc is not a serializing instruction, but it does not matter since
iret is, and therefore we are not reducing the accuracy of the counter when
returning to userland with this method.