Re: Restricting rdtsc [was: kernel aslr]

To: tech-kern%NetBSD.org@localhost
Subject: Re: Restricting rdtsc [was: kernel aslr]
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Tue, 28 Mar 2017 12:01:01 -0400 (EDT)

> Having read several papers on the exploitation of cache latency to
> defeat aslr (kernel or not), it appears that disabling the rdtsc
> instruction is a good mitigation on x86.

I don't really know x86.  But, based on the little I do know, my
reactions are:

(1) Please provide a kernel build option to remove the restriction.
There probably aren't very many systems where fast precise time for
nonprivileged users is considered more important than defeating
defeating ASLR, but I'd be astonished if there were none.  (I'm
reminded of the _huge_ performance hit non-executable stack imposed on
a few of my programs back when it came in; it was so bad I ended up
removing that change from the kernel.)

(2) Does that actually help, or does it just compel the attacker to use
cruder timers and thus longer test runs?  (Or is that enough difference
that you believe it would actually help in practice?)

(3) Do you maybe want to log something, and/or print to the process's
tty and/or the console, so that users whose programs start mysteriously
crashing have at least a fighting chance of figuring out why?

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard

References:
- Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard

Prev by Date: Restricting rdtsc [was: kernel aslr]
Next by Date: Re: Restricting rdtsc [was: kernel aslr]
Previous by Thread: Restricting rdtsc [was: kernel aslr]
Next by Thread: Re: Restricting rdtsc [was: kernel aslr]
Indexes:

Home | Main Index | Thread Index | Old Index