From: Thomas Garnier
To: kernel-hardening@lists.openwall.com
Cc: kristen@linux.intel.com, keescook@chromium.org, Thomas Garnier, Juergen Gross, Thomas Hellstrom, "VMware, Inc.", Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", x86@kernel.org, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH v10 10/11] x86/paravirt: Adapt assembly for PIE support
Date: Wed, 4 Dec 2019 16:09:47 -0800
Message-Id: <20191205000957.112719-11-thgarnie@chromium.org>
In-Reply-To: <20191205000957.112719-1-thgarnie@chromium.org>
References: <20191205000957.112719-1-thgarnie@chromium.org>

If PIE is enabled, switch the paravirt assembly constraints to be
compatible. The %c/i constraints generate smaller code so are kept by
default.

Position Independent Executable (PIE) support will allow extending the
KASLR randomization range below 0xffffffff80000000.

Signed-off-by: Thomas Garnier
Acked-by: Juergen Gross
---
 arch/x86/include/asm/paravirt_types.h | 32 +++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 84812964d3dd..82f7ca22e0ae 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -336,9 +336,32 @@ extern struct paravirt_patch_template pv_ops; #define PARAVIRT_PATCH(x) \ (offsetof(struct paravirt_patch_template, x) / sizeof(void *)) +#ifdef CONFIG_X86_PIE +#define paravirt_opptr_call "a" +#define paravirt_opptr_type "p" + +/* + * Alternative patching requires a maximum of 7 bytes but the relative call is + * only 6 bytes. If PIE is enabled, add an additional nop to the call + * instruction to ensure patching is possible. + * + * Without PIE, the call is reg/mem64: + * ff 14 25 68 37 02 82 callq *0xffffffff82023768 + * + * With PIE, it is relative to %rip and take 1-less byte: + * ff 15 fa d9 ff 00 callq *0xffd9fa(%rip) # + * + */ +#define PARAVIRT_CALL_POST "nop;" +#else +#define paravirt_opptr_call "c" +#define paravirt_opptr_type "i" +#define PARAVIRT_CALL_POST "" +#endif + #define paravirt_type(op) \ [paravirt_typenum] "i" (PARAVIRT_PATCH(op)), \ - [paravirt_opptr] "i" (&(pv_ops.op)) + [paravirt_opptr] paravirt_opptr_type (&(pv_ops.op)) #define paravirt_clobber(clobber) \ [paravirt_clobber] "i" (clobber) @@ -377,9 +400,10 @@ int paravirt_disable_iospace(void); * offset into the paravirt_patch_template structure, and can therefore be * freely converted back into a structure offset. */ -#define PARAVIRT_CALL \ - ANNOTATE_RETPOLINE_SAFE \ - "call *%c[paravirt_opptr];" +#define PARAVIRT_CALL \ + ANNOTATE_RETPOLINE_SAFE \ + "call *%" paravirt_opptr_call "[paravirt_opptr];" \ + PARAVIRT_CALL_POST /* * These macros are intended to wrap calls through one of the paravirt -- 2.24.0.393.g34dc348eaf-goog
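Review bot: In the first hunk (@@ -336,9 +336,32 @@), the new comment documents only the padding nop and says nothing about why CONFIG_X86_PIE selects the "a" operand modifier and "p" constraint in place of "c" and "i". Please add a sentence stating that "a" prints the operand as an address (so the call becomes %rip-relative) and that "p" accepts any valid address rather than an immediate, since that is the actual PIE-relevant change. The size wording is also loose: "requires a maximum of 7 bytes" reads better as a statement that the patch site must be 7 bytes long, and "take 1-less byte" should be "takes one byte less". Finally, paravirt_opptr_call and paravirt_opptr_type are lower-case while PARAVIRT_CALL_POST is upper-case; pick one convention for the three new macros.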
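Review bot: In the second hunk (@@ -377,9 +400,10 @@), the call template is now built from fragments with the operand modifier spliced into the middle of the operand, "call *%" paravirt_opptr_call "[paravirt_opptr];", which makes the emitted instruction hard to read and impossible to grep for. Consider defining the complete call string once per configuration inside the #ifdef CONFIG_X86_PIE block of the first hunk and keeping PARAVIRT_CALL as a single literal plus ANNOTATE_RETPOLINE_SAFE; the non-PIE expansion would stay "call *%c[paravirt_opptr];" exactly as before. The comment block above PARAVIRT_CALL is left unchanged and should mention that under PIE the sequence is the call followed by a one-byte nop, so anyone reasoning about the length of the patch site or about the instruction that follows the call sees it at the point of use.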