From: Thomas Garnier
To: kernel-hardening@lists.openwall.com
Cc: kristen@linux.intel.com, Thomas Garnier, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", x86@kernel.org, Juergen Gross, "Kirill A. Shutemov", Thomas Garnier, linux-kernel@vger.kernel.org
Subject: [PATCH v6 09/27] x86/boot/64: Adapt assembly for PIE support
Date: Thu, 31 Jan 2019 11:24:16 -0800
Message-Id: <20190131192533.34130-10-thgarnie@chromium.org>
In-Reply-To: <20190131192533.34130-1-thgarnie@chromium.org>
References: <20190131192533.34130-1-thgarnie@chromium.org>

Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible.

Early at boot, the kernel is mapped at a temporary address while preparing the page table. To know the changes needed for the page table with KASLR, the boot code calculates the difference between the expected address of the kernel and the one chosen by KASLR. It does not work with PIE because all symbols in code are relative. Instead of getting the future relocated virtual address, you will get the current temporary mapping. Instructions were changed to have absolute 64-bit references.

Position Independent Executable (PIE) support will allow extending the KASLR randomization range below 0xffffffff80000000.

Signed-off-by: Thomas Garnier
---
 arch/x86/kernel/head_64.S | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index d1dbe8e4eb82..b9b6c6aa0313 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -90,8 +90,10 @@ startup_64: popq %rsi /* Form the CR3 value being sure to include the CR3 modifier */ - addq $(early_top_pgt - __START_KERNEL_map), %rax + movabs $(early_top_pgt - __START_KERNEL_map), %rcx + addq %rcx, %rax jmp 1f + ENTRY(secondary_startup_64) UNWIND_HINT_EMPTY /* @@ -120,7 +122,8 @@ ENTRY(secondary_startup_64) popq %rsi /* Form the CR3 value being sure to include the CR3 modifier */ - addq $(init_top_pgt - __START_KERNEL_map), %rax + movabs $(init_top_pgt - __START_KERNEL_map), %rcx + addq %rcx, %rax 1: /* Enable PAE mode, PGE and LA57 */ @@ -138,7 +141,7 @@ ENTRY(secondary_startup_64) movq %rax, %cr3 /* Ensure I am executing from virtual addresses */ - movq $1f, %rax + movabs $1f, %rax ANNOTATE_RETPOLINE_SAFE jmp *%rax 1: @@ -235,11 +238,12 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ - pushq $.Lafter_lret # put return address on stack for unwinder + movabs $.Lafter_lret, %rax + pushq %rax # put return address on stack for unwinder xorl %ebp, %ebp # clear frame pointer - movq initial_code(%rip), %rax + leaq initial_code(%rip), %rax pushq $__KERNEL_CS # set correct cs - pushq %rax # target address in negative space + pushq (%rax) # target address in negative space lretq .Lafter_lret: END(secondary_startup_64) -- 2.20.1.495.gaa96b0ce6b-goog
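Review bot: In the first hunk (startup_64, `early_top_pgt`), `movabs $(early_top_pgt - __START_KERNEL_map), %rcx` silently turns %rcx into a scratch register; that is only safe because nothing live is held in %rcx right after the `popq %rsi`, and a short comment saying so would save the next reader from checking. The `movabs` itself is the right tool: with PIE the linker can no longer guarantee that this link-time constant fits a sign-extended 32-bit immediate, so `addq $imm32, %rax` would need a relocation it cannot satisfy. The stray added blank line before `ENTRY(secondary_startup_64)` is an unrelated whitespace change and should be dropped to keep the diff minimal.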
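Review bot: The second hunk (`init_top_pgt` in secondary_startup_64) repeats the `movabs ... %rcx` / `addq %rcx, %rax` pattern of the first hunk, again immediately after a `popq %rsi`; since both sites form the CR3 value the same way, a single comment above the shared `1:` label explaining why the constant must be materialised with a 64-bit immediate (and that %rcx is free here) would cover both without duplicating text. No functional concern.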
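Review bot: In the third hunk, `movabs $1f, %rax` followed by `jmp *%rax` is deliberately an absolute reference: a RIP-relative `leaq 1f(%rip), %rax` would resolve to the current temporary mapping, which is exactly what the existing comment "Ensure I am executing from virtual addresses" is trying to leave. Because `movabs` looks like the kind of thing a later cleanup would "fix" into a RIP-relative form, please extend that comment to state that the absolute form is intentional under PIE. This also means the 64-bit absolute relocation emitted here must be handled by the kernel relocation processing; the commit message should say where that is covered in the series.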
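Review bot: In the last hunk (the far-return sequence before `lretq`), two changes deserve a second look. First, `leaq initial_code(%rip), %rax` plus `pushq (%rax)` is functionally identical to the existing `movq initial_code(%rip), %rax` plus `pushq %rax`, which was already RIP-relative and therefore PIE-safe; unless there is a reason for the indirection, drop that part to keep the diff minimal. Second, `movabs $.Lafter_lret, %rax` / `pushq %rax` replaces `pushq $.Lafter_lret` because a sign-extended 32-bit immediate cannot carry the address, but at this point the code is already running from virtual addresses (per the previous hunk), so `leaq .Lafter_lret(%rip), %rax` would give the same value without adding another 64-bit absolute relocation; if the absolute form is kept on purpose, say so in the comment.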