We use cookies to ensure you get the best experience on our website
Startseite Erkunden Hilfe
Registrieren Anmelden
0ct0pu5
/
ladybird
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

Kernel: Use RDTSC instead of get_fast_random() for syscall stack noise

This was the original approach before we switched to get_fast_random()
which wasn't fast enough, so we added a buffer.

Unfortunately that buffer is racy and we can actually skid past the end
of it and continue fetching "random" offsets from the adjacent memory
for a while, until we run out of kernel data segment and trip a fault.

Instead of making this even more convoluted, let's just go back to the
pleasantly simple (RDTSC & 0xff) approach. :^)

Fixes #4912.
Andreas Kling vor 4 Jahren
Ursprung
05c48cc8d8
Commit
dce030eefc
1 geänderte Dateien mit 6 neuen und 13 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 6 13
      Kernel/Syscall.cpp

+ 6 - 13
Kernel/Syscall.cpp
Datei anzeigen 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
 
+ * Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
 
  * All rights reserved.
 
  *
 
  * Redistribution and use in source and binary forms, with or without
 
@@ -28,7 +28,6 @@
 
 #include <Kernel/Arch/i386/CPU.h>
 
 #include <Kernel/Panic.h>
 
 #include <Kernel/Process.h>
 
-#include <Kernel/Random.h>
 
 #include <Kernel/ThreadTracer.h>
 
 #include <Kernel/VM/MemoryManager.h>
 
 
@@ -137,10 +136,6 @@ KResultOr<FlatPtr> handle(RegisterState& regs, FlatPtr function, FlatPtr arg1, F
 
 
 }
 
 
-constexpr int RandomByteBufferSize = 256;
 
-u8 g_random_byte_buffer[RandomByteBufferSize];
 
-int g_random_byte_buffer_offset = RandomByteBufferSize;
 
-
 
 void syscall_handler(TrapFrame* trap)
 
 {
 
     auto& regs = *trap->regs;
 
@@ -160,13 +155,11 @@ void syscall_handler(TrapFrame* trap)
 
 
     // Apply a random offset in the range 0-255 to the stack pointer,
 
     // to make kernel stacks a bit less deterministic.
 
-    // Since this is very hot code, request random data in chunks instead of
 
-    // one byte at a time. This is a noticeable speedup.
 
-    if (g_random_byte_buffer_offset == RandomByteBufferSize) {
 
-        get_fast_random_bytes(g_random_byte_buffer, RandomByteBufferSize);
 
-        g_random_byte_buffer_offset = 0;
 
-    }
 
-    auto* ptr = (char*)__builtin_alloca(g_random_byte_buffer[g_random_byte_buffer_offset++]);
 
+    u32 lsw;
 
+    u32 msw;
 
+    read_tsc(lsw, msw);
 
+
 
+    auto* ptr = (char*)__builtin_alloca(lsw & 0xff);
 
     asm volatile(""
 
                  : "=m"(*ptr));

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5