RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall

From: David Laight
Date: Thu May 02 2019 - 12:35:13 EST


From: Ingo Molnar
> Sent: 02 May 2019 16:09
> * Andy Lutomirski <luto@xxxxxxxxxx> wrote:
>
> > Or we decide that calling get_random_bytes() is okay with IRQs off and
> > this all gets a bit simpler.
>
> BTW., before we go down this path any further, is the plan to bind this
> feature to a real CPU-RNG capability, i.e. to the RDRAND instruction,
> which excludes a significant group of x86 CPUs?

It has already been measured - it is far too slow.
Even just using 6 bits so it doesn't have to be read every system call is
probably a significant overhead (I don't think that was tested though).

I do agree that using 'real' randomness is probably OTT here.

> Because calling tens of millions of system calls per second will deplete
> any non-CPU-RNG sources of entropy and will also starve all other users
> of random numbers, which might have a more legitimate need for
> randomness, such as the networking stack ...

If the function you use to generate random numbers from the 'entropy
pool' isn't reversible (in a finite time) I don't think you really need
to worry about bits-in v bits-out.

David
