On Mon, Oct 2, 2017 at 4:09 PM, Taylor R Campbell <
campbell+netbsd-source-change...@mumble.net> wrote:

> > Date: Mon, 2 Oct 2017 21:42:11 +0200
> > From: Joerg Sonnenberger <jo...@bec.de>
> >
> > On Mon, Oct 02, 2017 at 07:23:16PM +0000, Maxime Villard wrote:
> > > Add a machdep.tsc_user_enable sysctl, to enable/disable the rdtsc
> > > instruction in usermode. It defaults to enabled.
> >
> > Do we really need this change? I've said it before, I consider this a
> > really stupid idea and effectively useless complexity. rdtsc is not
> > necessary for precision measurement as long as an attacker is willing to
> > waste CPU time, i.e. having one core spinning incrementing a counter and
> > reading that one of a second core will give fairly accurate measurements
> > as long as both cores are near each other. It's normally not that
> > difficult to ensure that.
>
> Concur.  The way to thwart timing side channel attacks is not to
> pretend attackers don't have stop-watches; it's to avoid the variable
> timing that creates the side channels in the first place.
>

Even if you don't have the ability to change the defective hardware?

Why should I provide an attacker a stop watch? I want him/her to build
their own that has the potential to be accurate enough, but is necessarily
less accurate than the one I'm denying them access to.

Warner
