authorAndreas Kling <kling@serenityos.org>2021-03-02 13:57:34 +0100
committerAndreas Kling <kling@serenityos.org>2021-03-02 14:25:38 +0100
commitdce030eefca7316ba47cc7a6151f1563a5626245 (patch)
tree2986d41389b3499ac4eee17b5cd00ae03fc96b28
parent05c48cc8d8d7fb5072a7c09026770d61c61a0d1a (diff)
Kernel: Use RDTSC instead of get_fast_random() for syscall stack noise
This was the original approach before we switched to get_fast_random() which wasn't fast enough, so we added a buffer. Unfortunately that buffer is racy and we can actually skid past the end of it and continue fetching "random" offsets from the adjacent memory for a while, until we run out of kernel data segment and trip a fault. Instead of making this even more convoluted, let's just go back to the pleasantly simple (RDTSC & 0xff) approach. :^) Fixes #4912.
-rw-r--r--Kernel/Syscall.cpp19
1 files changed, 6 insertions, 13 deletions
diff --git a/Kernel/Syscall.cpp b/Kernel/Syscall.cpp
index 14f85b4c39..fa7d5a23a1 100644
--- a/Kernel/Syscall.cpp
+++ b/Kernel/Syscall.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
+ * Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -28,7 +28,6 @@
#include <Kernel/Arch/i386/CPU.h>
#include <Kernel/Panic.h>
#include <Kernel/Process.h>
-#include <Kernel/Random.h>
#include <Kernel/ThreadTracer.h>
#include <Kernel/VM/MemoryManager.h>
@@ -137,10 +136,6 @@ KResultOr<FlatPtr> handle(RegisterState& regs, FlatPtr function, FlatPtr arg1, F
}
-constexpr int RandomByteBufferSize = 256;
-u8 g_random_byte_buffer[RandomByteBufferSize];
-int g_random_byte_buffer_offset = RandomByteBufferSize;
-
void syscall_handler(TrapFrame* trap)
{
auto& regs = *trap->regs;
@@ -160,13 +155,11 @@ void syscall_handler(TrapFrame* trap)
// Apply a random offset in the range 0-255 to the stack pointer,
// to make kernel stacks a bit less deterministic.
- // Since this is very hot code, request random data in chunks instead of
- // one byte at a time. This is a noticeable speedup.
- if (g_random_byte_buffer_offset == RandomByteBufferSize) {
- get_fast_random_bytes(g_random_byte_buffer, RandomByteBufferSize);
- g_random_byte_buffer_offset = 0;
- }
- auto* ptr = (char*)__builtin_alloca(g_random_byte_buffer[g_random_byte_buffer_offset++]);
+ u32 lsw;
+ u32 msw;
+ read_tsc(lsw, msw);
+
+ auto* ptr = (char*)__builtin_alloca(lsw & 0xff);
asm volatile(""
: "=m"(*ptr));
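Review bot: The comment above `__builtin_alloca(lsw & 0xff)` still describes this as a "random offset in the range 0-255", but the low byte of the TSC is a timing value rather than a secret. It can usually be read from user mode unless the kernel sets CR4.TSD (not visible in this hunk), and on some CPUs the low TSC bits are not uniformly distributed. The compiler also most likely rounds the alloca size up to the stack alignment, so the number of distinct stack offsets is probably well below 256. I would extend the comment to record these limits, for example `// NOTE: TSC-derived and alignment-rounded, so this is best-effort noise, not a security boundary.`, so that nobody later relies on it as real stack randomization. syscall_handler begins before this hunk and continues past it.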