Re: Restricting rdtsc [was: kernel aslr]

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

>> Hence also my question about changing the kernel's location at
>> runtime.  If the address space base changes every second, say, any
>> technique to discover it that takes longer than a second becomes
>> useless.
> I already thought about this a few months ago, and my conclusion back
> then was that it is very difficult to achieve if we want both good
> performance and good security.

I suspect you aren't being imaginative enough. :-)

If I were to do this, I would first make (or arrange for) compiler
options so that all memory references - both data references and
jump/call targets - are done relative to a base register.  The kernel
is built that way.  Then, whenever we want to, we (a) fiddle the MMU
and (b) change that register.  Instant kernel relocation!

Of course, that register is not exposed to userland.  Syscalls and
interrupts need a little more shim code than they have now, but not by
very much.

I'm not sure it's actually workable.  But it sounds plausible enough
that I wouldn't discard it without trying it (or discussing it with
someone who has).  The memory access stuff might impose too much
performance penalty, but that too I wouldn't assume without testing.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B