Re: Restricting rdtsc [was: kernel aslr]

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: Restricting rdtsc [was: kernel aslr]
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Tue, 4 Apr 2017 19:22:11 +0100

Maxime Villard wrote:
> Le 29/03/2017 ? 00:49, Alexander Nasonov a ?crit :
> > I think this should be either all-or-nothing. You either have rdtsc as
> > a time source or you don't. Similar for rdpmc (and other performance
> > counters).
> 
> Well, the idea was to make the availability more fine-grained.
> 
> 
> Seeing the general skepticism that prevails, I guess we can just forget about
> this idea.

There are two more or less independent things: fine-grained time source
and userspace rdtsc. The latter is often used directly when vdso isn't
available. If we implement vdso, I assume that software that needs rdtsc
can be taught to call it via vdso.

With vdso implemented, we can have a flag that enables/disables
vdso globally as well as per process (paxctl?). Independetly,
the kernel can be configured to use either fine-grained or hackerproof
time source for regular (non-vdso) system calls.

Alex

References:
- Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Mouse
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Mouse
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Mouse
- Re: Restricting rdtsc [was: kernel aslr]
  - From: Maxime Villard

Prev by Date: Re: Restricting rdtsc [was: kernel aslr]
Next by Date: Re: Add a mountlist iterator (round 2)
Previous by Thread: Re: Restricting rdtsc [was: kernel aslr]
Next by Thread: Re: Restricting rdtsc [was: kernel aslr]
Indexes:

Home | Main Index | Thread Index | Old Index