Re: [tip:x86/kaslr] x86, kaslr: Provide randomness functions

[Kees Cook]

On Mon, Nov 11, 2013 at 11:27 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
> On 11/11/2013 10:20 AM, Ingo Molnar wrote:
>>
>> Why aren't the 3 sources of entropy XOR-ed together?
>>
>
> Note we don't want to poke i8254 if we have any other sources, as the
> i8254 may not be present on newer systems and in some other cases not
> safe to touch.  We can XOR in the TSC with RDRAND although it seems a
> bit odd.

I await the final decision! :)

> HOWEVER...
>
> +               /* Only use the low bits of rdtsc. */
> +               random = raw & 0xffff;
>
> Why?!  All that can do is throw away randomness...

Due to the 2GiB addressing and 2MiB alignment, we can never use more
than 10 bits of entropy at maximum. The existing patches only use 9
bits (due to page table layouts) on 64-bit and 8 bits on 32-bit.

> +       /* Extend timer bits poorly... */
> +       random |= (random << 16);
> +#ifdef CONFIG_X86_64
> +       random |= (random << 32);
> +#endif

I did this so that any portion of the returned value could be used for
the 10 bit mask.

> For smearing out bits, a better way is usually to multiply with a large
> prime number (preferably a circular multiply.)

This shouldn't be needed since we're only using the low 10 bits.

How would you like to see this function updated to make that more
clear? More comments?

-Kees

-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/