Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5127993yba; Wed, 10 Apr 2019 11:59:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqxU+cjb70a1WvtU7Ly6MDPeSzikw5aVsBHwNIlJ3a8UyN/fQWnzGLjqlWdXZka11HHEAM/v X-Received: by 2002:a65:6546:: with SMTP id a6mr42824476pgw.5.1554922767614; Wed, 10 Apr 2019 11:59:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554922767; cv=none; d=google.com; s=arc-20160816; b=T+fChD0K/je0ldu90+ELc5v8GBPhWYHvlINaA71DwwFCutDmIgQChhJM6BsqECfzIE GWUn8zoBK+de0CVteINmZQT8DhSrHgYuiWXk/9ZKLxpYTkkmngXYcqsiCCUlAMPDNZ+f qsMVFGQT4lMlzCKSuT1/rTjH6b/bPazzu6ZBjrQINH+VCYn1Mn5BIOZnH1efYk1ohY0O /hhwkuB6xMtTM1TIweq1MriyLykS0xWllRjrtQ1ZGxg5yQGSalzifHO9pUoGUBzuT6ht FQ6VXZGC9aJw1tNy0T7k0dFQVb9fzcdTjghgzUFXpPGpxjPIRWDGb8N3d9N/FNmIO+n5 rDLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=nCrI0/fcnK3AyC9MRRK5XJmCh4ej7uxa3ZgKLtftzrs=; b=Jvol148e5xwlrHkXgp7EsuXbyxR1laXghyHrfS/IZ3pcSfp6cQpZyHc0VWFIyXsgKn qC7SNoJNs43hHbqQk76OWSd5vfFnRL8nCmiw8EVBjXipVirnThT9VTbkiCYwuiObXaT3 LpsHNrezUSJOBk70bx2rn2y49YFjbs++3oVI4pOihXb1L9OoEBwr5MkLaKPwzPuYW6k8 EJga1txlmX6QYTB226qrlBZ5dMdfIagoktiolIFwIg7Am2ig+kPHYtMpBYbU2GxFDtto Q0gsS5bZsmFa4B+4uH2qQF5eDRWMDNqjCkrNH3qod92qTOV4UnrtQsSHywn3u/w+hoPA 6V/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=StdwBHOS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j5si33059098pfi.166.2019.04.10.11.59.11; Wed, 10 Apr 2019 11:59:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=StdwBHOS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387776AbfDJQVC (ORCPT + 99 others); Wed, 10 Apr 2019 12:21:02 -0400 Received: from mail-vs1-f67.google.com ([209.85.217.67]:44618 "EHLO mail-vs1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727892AbfDJQVB (ORCPT ); Wed, 10 Apr 2019 12:21:01 -0400 Received: by mail-vs1-f67.google.com with SMTP id j184so1692621vsd.11 for ; Wed, 10 Apr 2019 09:21:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nCrI0/fcnK3AyC9MRRK5XJmCh4ej7uxa3ZgKLtftzrs=; b=StdwBHOSdMNheyWbSlfmHxAnCuSAEhoKVJtHk32Ru/Lgp6w0qJkw7b2blFz86puXwp d7SYF54B2JBWD4Bl9EywpB8Ht1q5rJblH9PVrdrTwWtKTk+Pj0/S2uZCyBIPaiNG+ZzW i0u4ChbrDGt4yndCLwOh/GoFHqycRW8h0vpoE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nCrI0/fcnK3AyC9MRRK5XJmCh4ej7uxa3ZgKLtftzrs=; b=aA783VnZdny0dCSJ2oL+7RiCJUmkcmCT+0b1mxcXHpCReZ4/EC8F4BN9uVCD3+J3vC HcL8YFDXwN5PfTy0aN1tRFvCPtWRwm3XshJro8Sx5LLDcW5x5XUw2feqjk/Qx3KttPrk EpryamDpFRMa7JuZQsH0ojDQ1IMJ/A1uAXPr31ahoC6LzF/FIFD8yQnySimvg9EAmuJi ximlTkyxObxqwhkrzB7yYYvXjkBas53Ia4Pnkkc/tLgXL0tyLnB/aml8vGe9OkLwBlGg cjzE9l8hujSbJiXmInQaqrwaH0ASrbnE7rMhmc0tu7X7xep448qXd2P+PqP5c53+/U/N RgBw== X-Gm-Message-State: APjAAAUdrX69VQVDq6B5veUPix1QCf1n9/PqS2bETx/LuxerjHfXee7S cGOBdwV+8rMgpsqjdrRjBd/oGIVeCqg= X-Received: by 2002:a67:fe95:: with SMTP id b21mr25458018vsr.109.1554913259820; Wed, 10 Apr 2019 09:20:59 -0700 (PDT) Received: from mail-vs1-f52.google.com (mail-vs1-f52.google.com. [209.85.217.52]) by smtp.gmail.com with ESMTPSA id t128sm27893458vka.36.2019.04.10.09.20.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Apr 2019 09:20:58 -0700 (PDT) Received: by mail-vs1-f52.google.com with SMTP id t78so1729622vsc.1 for ; Wed, 10 Apr 2019 09:20:57 -0700 (PDT) X-Received: by 2002:a67:f04e:: with SMTP id q14mr24976116vsm.133.1554913257394; Wed, 10 Apr 2019 09:20:57 -0700 (PDT) MIME-Version: 1.0 References: <20190410112103.15170-1-elena.reshetova@intel.com> <20190410112103.15170-2-elena.reshetova@intel.com> <20190410114259.GB9293@gmail.com> In-Reply-To: From: Kees Cook Date: Wed, 10 Apr 2019 09:20:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/1] x86/entry/64: randomize kernel stack offset upon syscall To: Andy Lutomirski Cc: Ingo Molnar , Elena Reshetova , LKML , Josh Poimboeuf , Kees Cook , Jann Horn , "Perla, Enrico" , Ingo Molnar , Borislav Petkov , Thomas Gleixner , Peter Zijlstra , Greg KH Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 10, 2019 at 7:49 AM Andy Lutomirski wrote: > And build it like this, it fails: > > $ gcc -o ingo -g ingo.c -pie > /usr/bin/ld: /tmp/ccofYU9N.o: relocation R_X86_64_32 against `.rodata' > can not be used when making a PIE object; recompile with -fPIC > /usr/bin/ld: final link failed: nonrepresentable section on output > collect2: error: ld returned 1 exit status > > Which I assume means that -pie requires -fPIC, and your toolchain is > screwed up and is defaulting to useless options. I'm guessing you > should file a bug against your distro gcc package. For me, it works > if I remove -pie. I think you need both -fPIE (object creation) and -pie (linking). -- Kees Cook