limit clock precision to 20 us

20 us was the value, firefox used as first response to the spectre attacks. now it's 100 us or 5 us, depending on whether it's "cross-origin isolated". we only have one origin, so choosing 20 us is probably fine, I guess see also: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ https://developer.mozilla.org/en-US/docs/Web/API/Performance/now#security_requirements other clocks: * os.time() and os.date() only have seconds precision, AFAIK. * dtime is only given once per step, so it's not useful * there might be other ways to build clocks (if we get async envs for sscsm, with a busy loop, for example)
2025-10-05 19:31:04 +00:00 · 2025-02-22 15:23:37 +01:00 · 2025-02-22 15:23:37 +01:00 · 6a360e507a
commit 6a360e507a
parent 1e0d96af26
5 changed files with 34 additions and 2 deletions
--- a/src/constants.h
+++ b/src/constants.h
@ -105,3 +105,7 @@
 // The intent is to ensure that the rendering doesn't turn terribly blurry
 // when filtering is enabled.
 #define TEXTURE_FILTER_MIN_SIZE 192U
+
+// Resolution of clocks that SSCSM has access to, in us.
+// Used as countermeasure against side-channel attacks.
+#define SSCSM_CLOCK_RESOLUTION_US 20