1
0
mirror of https://github.com/golang/go synced 2024-11-25 21:28:03 -07:00
go/api/next
Roland Shoemaker bc1da38c3d crypto/subtle: add DIT closure
Add a new function, WithDataIndependentTiming, which takes a function as
an argument, and encloses it with calls to set/unset the DIT PSTATE bit
on Arm64.

Since DIT is OS thread-local, for the duration of the execution of
WithDataIndependentTiming, we lock the goroutine to the OS thread, using
LockOSThread. For long running operations, this is likely to not be
performant, but we expect this to be tightly scoped around cryptographic
operations that have bounded execution times.

If locking to the OS thread turns out to be too slow, another option is
to add a bit to the g state indicating if a goroutine has DIT enabled,
and then have the scheduler enable/disable DIT when scheduling a g.

Additionally, we add a new GODEBUG, dataindependenttiming, which allows
setting DIT for an entire program. Running a program with
dataindependenttiming=1 enables DIT for the program during
initialization. In an ideal world PSTATE.DIT would be inherited from
the parent thread, so we'd only need to set it in the main thread and
then all subsequent threads would inherit the value. While this does
happen in the Linux kernel [0], it is not the case for darwin [1].
Rather than add complex logic to only set it on darwin for each new
thread, we just unconditionally set it in mstart1 and cgocallbackg1
regardless of the OS. DIT will already impose some overhead, and the
cost of setting the bit is only ~two instructions (CALL, MSR), so it
should be cheap enough.

Fixes #66450
Updates #49702

[0] e8bdb3c8be/arch/arm64/kernel/process.c (L373)
[1] 8d741a5de7/osfmk/arm64/status.c (L1666)

Change-Id: I78eda691ff9254b0415f2b54770e5850a0179749
Reviewed-on: https://go-review.googlesource.com/c/go/+/598336
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-11-19 16:47:03 +00:00
..
32936.txt crypto/tls: expose extensions presented by client to GetCertificate 2024-08-09 18:45:11 +00:00
36532.txt testing: add Context 2024-08-20 14:58:54 +00:00
51473.txt runtime: deprecate GOROOT 2024-08-20 22:49:59 +00:00
54670.txt hash/maphash: add WriteComparable and Comparable 2024-10-02 15:54:11 +00:00
61515.txt testing: implement testing.B.Loop 2024-09-20 19:09:41 +00:00
61901.txt bytes, strings: add Lines, SplitSeq, SplitAfterSeq, FieldsSeq, FieldsFuncSeq 2024-08-14 18:23:13 +00:00
62005.txt log/slog: add DiscardHandler 2024-11-14 22:27:09 +00:00
62384.txt net,net/netip: implement the encoding.(Binary|Text)Appender 2024-09-23 18:10:51 +00:00
62516.txt testing: add Chdir 2024-08-16 23:48:50 +00:00
63952.txt debug/elf: add SHT_GNU_VERDEF section parsing 2024-11-07 15:23:24 +00:00
66450.txt crypto/subtle: add DIT closure 2024-11-19 16:47:03 +00:00
66626.txt go/types: add go1.23 iterator methods for 10 exported types 2024-07-31 22:54:09 +00:00
67535.txt runtime: implement AddCleanup 2024-11-16 03:26:04 +00:00
67552.txt weak: move internal/weak to weak, and update according to proposal 2024-11-18 22:29:23 +00:00
67813.txt net/http: add HTTP2Config 2024-08-29 17:38:46 +00:00
67814.txt net/http: add Protocols field to Server and Transport 2024-11-05 22:14:59 +00:00
69981.txt crypto/cipher: add NewGCMWithRandomNonce 2024-11-19 16:26:40 +00:00