Subject: Re: [RFC PATCH 06/11] x86: make sure _etext includes function sections
From: Arjan van de Ven
To: Peter Zijlstra, Kees Cook
Cc: Andy Lutomirski, Kristen Carlson Accardi, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, rick.p.edgecombe@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Date: Mon, 10 Feb 2020 07:54:58 -0800
Message-ID: <43b7ba31-6dca-488b-8a0e-72d9fdfd1a6b@linux.intel.com>
In-Reply-To: <20200210105117.GE14879@hirez.programming.kicks-ass.net>
References: <75f0bd0365857ba4442ee69016b63764a8d2ad68.camel@linux.intel.com> <20200207092423.GC14914@hirez.programming.kicks-ass.net> <202002091742.7B1E6BF19@keescook> <20200210105117.GE14879@hirez.programming.kicks-ass.net>

>
> I'll leave it to others to figure out the exact details. But afaict it
> should be possible to have fine-grained-randomization and preserve the
> workaround in the end.
>

the most obvious "solution" is to compile with an alignment of 4 bytes (so tight packing)
and then in the randomizer preserve the offset within 32 bytes, no matter what it is

that would get you an average padding of 16 bytes which is a bit more than now but not too insane
(cue Kees' argument that tiny bits of padding are actually good)
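
As an added illustration of the placement rule proposed in this mail (not code from the thread or from the kernel patches; the function table, seed, base address and all names are constructed for the example): each function is placed at the lowest free address that has the same offset within a 32-byte window as it had at link time, and the padding this costs is counted.

```c
#include <stdint.h>
#include <stdio.h>
#define WINDOW 32u /* window size named in the mail */
#define NFUNCS 6

struct func { uint64_t link_addr, size, new_addr; };
/* Constructed sample: tightly packed, 4-byte-aligned link-time layout. */
static struct func sample[NFUNCS] = {
    {0x1000, 0x2c, 0}, {0x102c, 0x14, 0}, {0x1040, 0x58, 0},
    {0x1098, 0x0c, 0}, {0x10a4, 0x44, 0}, {0x10e8, 0x24, 0},
};

/* Lowest address >= cursor with the link-time offset inside the window. */
static uint64_t place_preserving_offset(uint64_t cursor, uint64_t link_addr)
{
    return cursor + (link_addr % WINDOW + WINDOW - cursor % WINDOW) % WINDOW;
}

/* Shuffle (fixed-seed LCG, demo only), lay out from base, return padding. */
static uint64_t randomize_layout(struct func *f, size_t n, uint64_t base, uint32_t seed)
{
    uint64_t cursor = base, pad = 0;
    for (size_t i = n; i > 1; i--) { /* Fisher-Yates */
        seed = seed * 1664525u + 1013904223u;
        size_t j = (seed >> 8) % i;
        struct func t = f[i - 1]; f[i - 1] = f[j]; f[j] = t;
    }
    for (size_t i = 0; i < n; i++) {
        f[i].new_addr = place_preserving_offset(cursor, f[i].link_addr);
        pad += f[i].new_addr - cursor;
        cursor = f[i].new_addr + f[i].size;
    }
    return pad;
}

/* Count functions whose offset inside the window changed (expected: 0). */
static size_t offsets_changed(const struct func *f, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (f[i].new_addr % WINDOW) != (f[i].link_addr % WINDOW);
    return bad;
}

int main(void)
{
    uint64_t pad = randomize_layout(sample, NFUNCS, 0x4000, 1);
    printf("padding=%llu offsets_changed=%zu\n", (unsigned long long)pad, offsets_changed(sample, NFUNCS));
    return 0;
}
```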