Date: Fri, 25 Aug 2017 08:35:49 -0700 From: Thomas Garnier <thgarnie@...gle.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Ingo Molnar <mingo@...nel.org>, Herbert Xu <herbert@...dor.apana.org.au>, "David S . Miller" <davem@...emloft.net>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...hat.com>, Arnd Bergmann <arnd@...db.de>, Matthias Kaehlcke <mka@...omium.org>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Juergen Gross <jgross@...e.com>, Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, Joerg Roedel <joro@...tes.org>, Tom Lendacky <thomas.lendacky@....com>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>, Brian Gerst <brgerst@...il.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, "Rafael J . Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>, Paul Gortmaker <paul.gortmaker@...driver.com>, Chris Metcalf <cmetcalf@...lanox.com>, Andrew Morton <akpm@...ux-foundation.org>, "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, Nicolas Pitre <nicolas.pitre@...aro.org>, Christopher Li <sparse@...isli.org>, "Rafael J . Wysocki" <rafael.j.wysocki@...el.com>, Lukas Wunner <lukas@...ner.de>, Mika Westerberg <mika.westerberg@...ux.intel.com>, Dou Liyang <douly.fnst@...fujitsu.com>, Daniel Borkmann <daniel@...earbox.net>, Alexei Starovoitov <ast@...nel.org>, Masahiro Yamada <yamada.masahiro@...ionext.com>, Markus Trippelsdorf <markus@...ppelsdorf.de>, Steven Rostedt <rostedt@...dmis.org>, Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>, David Howells <dhowells@...hat.com>, Waiman Long <longman@...hat.com>, Kyle Huey <me@...ehuey.com>, Peter Foley <pefoley2@...oley.com>, Tim Chen <tim.c.chen@...ux.intel.com>, Catalin Marinas <catalin.marinas@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Michal Hocko <mhocko@...e.com>, Matthew Wilcox <mawilcox@...rosoft.com>, "H . J . Lu" <hjl.tools@...il.com>, Paul Bolle <pebolle@...cali.nl>, Rob Landley <rob@...dley.net>, Baoquan He <bhe@...hat.com>, Daniel Micay <danielmicay@...il.com>, "the arch/x86 maintainers" <x86@...nel.org>, Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, xen-devel <xen-devel@...ts.xenproject.org>, kvm list <kvm@...r.kernel.org>, Linux PM list <linux-pm@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org>, Sparse Mailing-list <linux-sparse@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Borislav Petkov <bp@...en8.de> Subject: Re: x86: PIE support and option to extend KASLR randomization On Thu, Aug 24, 2017 at 2:42 PM, Linus Torvalds <torvalds@...ux-foundation.org> wrote: > > On Thu, Aug 24, 2017 at 2:13 PM, Thomas Garnier <thgarnie@...gle.com> wrote: > > > > My original performance testing was done with an Ubuntu generic > > configuration. This configuration has the CONFIG_FUNCTION_TRACER > > option which was incompatible with PIE. The tracer failed to replace > > the __fentry__ call by a nop slide on each traceable function because > > the instruction was not the one expected. If PIE is enabled, gcc > > generates a difference call instruction based on the GOT without > > checking the visibility options (basically call *__fentry__@...PCREL). > > Gah. > > Don't we actually have *more* address bits for randomization at the > low end, rather than getting rid of -mcmodel=kernel? We have but I think we use most of it for potential modules and the fixmap but it is not that big. The increase in range from 1G to 3G is just an example and a way to ensure PIE work as expected. The long term goal is being able to put the kernel where we want in memory, randomizing the position and the order of almost all memory sections. That would be valuable against BTB attack  for example where randomization on the low 32-bit is ineffective.  https://github.com/felixwilhelm/mario_baslr > > Has anybody looked at just moving kernel text by smaller values than > the page size? Yeah, yeah, the kernel has several sections that need > page alignment, but I think we could relocate normal text by just the > cacheline size, and that sounds like it would give several bits of > randomness with little downside. I didn't look into it. There is value in it depending on performance impact. I think both PIE and lower grain randomization would be useful. > > Or has somebody already looked at it and I just missed it? > > Linus -- Thomas
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.