Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp7155877ybi; Mon, 8 Jul 2019 15:46:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqwfTeIC+nDCpHuLuZaSDdLsKTTywL9Gx2YtPM9Mee2qsRVbhFqps3wMoGS6b5TlfIxEzkA7 X-Received: by 2002:a17:902:ea:: with SMTP id a97mr27563274pla.182.1562626004223; Mon, 08 Jul 2019 15:46:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562626004; cv=none; d=google.com; s=arc-20160816; b=sHEnNS6CgeCTKcruXN/rMMEYbuf1Y1WI71hwgtkx5dtrDGFnHC1w5Obv4l4UYJBF4h PmrpH/0BrKkeLLWMTkYo9NppqyknARprDMa5wDwtONmCIynuGlxfvTAn5t4yvohXPrYl V4/lyjPrTTpw2kvHWEpY2hspdiAMoozXLGAMjWSBotuHk749XFq0V+0P7tbvlLUil539 OS7vNxIVazuGzFq2ffb4QNX5mKUr9KoU2fq886DDTVp7nydUzGZ7DrPVVwES1UGiQDf9 rdLxYpYVf3mIYyB5vE7PPmB2NxKYX0GS1djGyjvKaXwWtkFgajm7xvvzCshuFpSNmxQO E3Tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ePdEUdrca6fFwO52Os//aVk9SOcvqdOqJdcWyryzZTw=; b=YFSt6O7HGMHjWUQJEnTxWhNdNohQhaPgbHOKOGvYnZ3HSdhYIjiP+NHqFihStUpnzR 0mxsajBYLNdxeKPCi80tvhP8DEajfIYoGlC0wG/1zleq0qU9EnO6sWh3hzN1+BJw2VZE kX4iRE2eZMkMzfmFiW0icO+9z7xY2JpHvX+ZoL/Dd8Xt3I2D24pzbQmZJKeqZIZETovC LE/e2j71Aiyd1Qq2mUYWzTC4oKk/zOkMB0eWXY9S+FwjIVMced41Wm0BNInhJOEbFTx9 qfC/cWgxJXU/ppFkW+C0sZhMZ86h2j3SF0q46mnWxuqH9jf16HpAy1UJOekitgA3nKBi RlJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=kU0hTEVJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z190si21292706pgd.303.2019.07.08.15.46.29; Mon, 08 Jul 2019 15:46:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=kU0hTEVJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404032AbfGHRt6 (ORCPT + 99 others); Mon, 8 Jul 2019 13:49:58 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:45134 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390638AbfGHRtj (ORCPT ); Mon, 8 Jul 2019 13:49:39 -0400 Received: by mail-pf1-f194.google.com with SMTP id r1so7932777pfq.12 for ; Mon, 08 Jul 2019 10:49:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ePdEUdrca6fFwO52Os//aVk9SOcvqdOqJdcWyryzZTw=; b=kU0hTEVJAcl6SkM40WFYbml9NRVB/VRgYvcodBevBVS7b5Dci28pvYAr2xfhi/axgn eBQEcW6Js8KEf09C6+AFw/yxAlwdgGyE2B1AsbeW+pGDw2pR18c+hPy5YlvCsK4qNBBV 8XE2uXEe8ZEhINFcEgDl/BiQWMLWv9/IddJBg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ePdEUdrca6fFwO52Os//aVk9SOcvqdOqJdcWyryzZTw=; b=jreecDq2Atl3nm5czNaX7/WTSzfQ7x8DmNekQA6p0iFjmB34dja35BvGQgUQSf66Wb rc0wlgXTSXwCHqrJg1x4tyogHCTUennm8w3Qs9Zobz1LtT/97eeqFW3hIvx67WkddCsW QyqkVJfpnKrqoltquMsp2q2KDFn4T5FiPQ8qiUDdg1TVyJqNXRSHHQ4UJqivp3ZRbw8o 6na1/hkgfWSnBWJqNbASFfNt0e2vZ/vD6Aoeq6iglPjSti40B9LUDl2viGok9BWINdfP B65EstILt0VyM7jQYfo9e47nrsNot/kuyT6MKOjFkqYmn8/nUhbsqA1gs/Q7h2oi5wz2 0D5w== X-Gm-Message-State: APjAAAUqHWUdgSoW2okXwTpAuWRK6DqTLRlnYQzs7foQAvx1rVrIXSQ/ DVBU8ALjY1fcUCSXswHfAyWF/g== X-Received: by 2002:a63:231c:: with SMTP id j28mr25012871pgj.430.1562608178690; Mon, 08 Jul 2019 10:49:38 -0700 (PDT) Received: from skynet.sea.corp.google.com ([2620:0:1008:1100:c4b5:ec23:d87b:d6d3]) by smtp.gmail.com with ESMTPSA id j1sm20151686pfe.101.2019.07.08.10.49.38 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 08 Jul 2019 10:49:38 -0700 (PDT) From: Thomas Garnier To: kernel-hardening@lists.openwall.com Cc: kristen@linux.intel.com, keescook@chromium.org, Thomas Garnier , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , x86@kernel.org, Juergen Gross , Boris Ostrovsky , Feng Tang , Maran Wilson , Andy Lutomirski , linux-kernel@vger.kernel.org Subject: [PATCH v8 08/11] x86/boot/64: Adapt assembly for PIE support Date: Mon, 8 Jul 2019 10:49:01 -0700 Message-Id: <20190708174913.123308-9-thgarnie@chromium.org> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog In-Reply-To: <20190708174913.123308-1-thgarnie@chromium.org> References: <20190708174913.123308-1-thgarnie@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Early at boot, the kernel is mapped at a temporary address while preparing the page table. To know the changes needed for the page table with KASLR, the boot code calculate the difference between the expected address of the kernel and the one chosen by KASLR. It does not work with PIE because all symbols in code are relatives. Instead of getting the future relocated virtual address, you will get the current temporary mapping. Instructions were changed to have absolute 64-bit references. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0xffffffff80000000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86/kernel/head_64.S | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index bcd206c8ac90..64a4f0a22b20 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -90,8 +90,10 @@ startup_64: popq %rsi /* Form the CR3 value being sure to include the CR3 modifier */ - addq $(early_top_pgt - __START_KERNEL_map), %rax + movabs $(early_top_pgt - __START_KERNEL_map), %rcx + addq %rcx, %rax jmp 1f + ENTRY(secondary_startup_64) UNWIND_HINT_EMPTY /* @@ -120,7 +122,8 @@ ENTRY(secondary_startup_64) popq %rsi /* Form the CR3 value being sure to include the CR3 modifier */ - addq $(init_top_pgt - __START_KERNEL_map), %rax + movabs $(init_top_pgt - __START_KERNEL_map), %rcx + addq %rcx, %rax 1: /* Enable PAE mode, PGE and LA57 */ @@ -138,7 +141,7 @@ ENTRY(secondary_startup_64) movq %rax, %cr3 /* Ensure I am executing from virtual addresses */ - movq $1f, %rax + movabs $1f, %rax ANNOTATE_RETPOLINE_SAFE jmp *%rax 1: @@ -235,11 +238,12 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ - pushq $.Lafter_lret # put return address on stack for unwinder + movabs $.Lafter_lret, %rax + pushq %rax # put return address on stack for unwinder xorl %ebp, %ebp # clear frame pointer - movq initial_code(%rip), %rax + leaq initial_code(%rip), %rax pushq $__KERNEL_CS # set correct cs - pushq %rax # target address in negative space + pushq (%rax) # target address in negative space lretq .Lafter_lret: END(secondary_startup_64) -- 2.22.0.410.gd8fdbe21b5-goog