Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Sep 2017 11:27:07 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>
Cc: Thomas Garnier <thgarnie@...gle.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>, Arnd Bergmann <arnd@...db.de>,
        Matthias Kaehlcke <mka@...omium.org>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Juergen Gross
 <jgross@...e.com>, Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Joerg Roedel <joro@...tes.org>, Tom Lendacky <thomas.lendacky@....com>,
        Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>,
        Brian Gerst <brgerst@...il.com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        "Rafael J . Wysocki" <rjw@...ysocki.net>,
        Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>,
        Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>,
        Paul Gortmaker <paul.gortmaker@...driver.com>,
        Chris Metcalf <cmetcalf@...lanox.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>,
        Nicolas Pitre <nicolas.pitre@...aro.org>,
        Christopher Li
 <sparse@...isli.org>,
        "Rafael J . Wysocki" <rafael.j.wysocki@...el.com>,
        Lukas Wunner <lukas@...ner.de>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        Dou Liyang <douly.fnst@...fujitsu.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Markus Trippelsdorf <markus@...ppelsdorf.de>,
        Steven Rostedt <rostedt@...dmis.org>,
        Kees Cook <keescook@...omium.org>, Rik van Riel <riel@...hat.com>,
        David Howells <dhowells@...hat.com>, Waiman Long <longman@...hat.com>,
        Kyle Huey <me@...ehuey.com>, Peter Foley <pefoley2@...oley.com>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Michal Hocko <mhocko@...e.com>,
        Matthew Wilcox <mawilcox@...rosoft.com>,
        "H . J . Lu" <hjl.tools@...il.com>, Paul Bolle <pebolle@...cali.nl>,
        Rob Landley <rob@...dley.net>, Baoquan He <bhe@...hat.com>,
        Daniel Micay <danielmicay@...il.com>,
        the arch/x86 maintainers <x86@...nel.org>,
        linux-crypto@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        xen-devel@...ts.xenproject.org, kvm list <kvm@...r.kernel.org>,
        Linux PM list <linux-pm@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>, linux-sparse@...r.kernel.org,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Borislav Petkov <bp@...en8.de>
Subject: Re: x86: PIE support and option to extend KASLR randomization

On 08/21/17 07:28, Peter Zijlstra wrote:
> 
> Ah, I see, this is large mode and that needs to use MOVABS to load 64bit
> immediates. Still, small RIP relative should be able to live at any
> point as long as everything lives inside the same 2G relative range, so
> would still allow the goal of increasing the KASLR range.
> 
> So I'm not seeing how we need large mode for that. That said, after
> reading up on all this, RIP relative will not be too pretty either,
> while CALL is naturally RIP relative, data still needs an explicit %rip
> offset, still loads better than the large model.
> 

The large model makes no sense whatsoever.  I think what we're actually
looking for is the small-PIC model.

Ingo asked:
> I.e. is there no GCC code generation mode where code can be placed anywhere in the 
> canonical address space, yet call and jump distance is within 31 bits so that the 
> generated code is fast?

That's the small-PIC model.  I think if all symbols are forced to hidden
then it won't even need a GOT/PLT.

We do need to consider how we want modules to fit into whatever model we
choose, though.  They can be adjacent, or we could go with a more
traditional dynamic link model where the modules can be separate, and
chained together with the main kernel via the GOT.

	-hpa

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.