Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp201638ybf; Wed, 26 Feb 2020 11:26:31 -0800 (PST) X-Google-Smtp-Source: APXvYqxQpyFOfpNF+hyZSpVLVc5CMZAd+CgM2Fmm+Ehk5JRgJwaR6wb9ydbKVzXBBKKwEbjhsQwj X-Received: by 2002:a9d:7d87:: with SMTP id j7mr246944otn.159.1582745191581; Wed, 26 Feb 2020 11:26:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582745191; cv=none; d=google.com; s=arc-20160816; b=MRRuaxHCsCilS+cpRmvT2R/QYf3gDuFU+4XtiPlK+f2NDEOjiei88nEikUlwh+CQUR pgxtXxTIzRkHvUEANi+mpQFh43bUeU4KYvqUd2UV/WEyA9nWnZhO/DCLO+cPT9q/oXEI OX1q4+4hw0w6xmkI0H2geG81yFMKqNlF3SVxL0oByFUvEX5QXlmV1dtX1+xq0f1Ax4dz uVoSn741rP+N2mt7EbgrXMeZLvglDb4gNHu5wKgd6LO7BZIgXbkhwtz7Y5yT06BCtjq3 OzxkMLQlnxKOfUcclP8fUA9+GOJLqIZTZ9PlWzUtGwyQMhkaEpvSFu45d4VY26XZ7Gym yHrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=9AWCQ0gVvoQ01fyBDh7cTmFJynpuYHK9V+Bd0IuCmj0=; b=Sx1fwbYgVJD1zmgAZ5tMY4X/HFY5cUjAbxZo1c6PhUcXQc/lBrKrFDvn6dBw+HHKk/ SYzfAfzpkgJjSugjE+HScLZx1pK0+fU/zJu6Yt1C2Zr4vpAjdzooc4zWODYfu6sAcvwh eFjpEu/KGo37/SR7NweYjGVjshE/BPWfIq7oLrHLrq+Dimj2/dBdnXmAL+m/MxuuoHHZ y74vJhvTM8aPLlaaZSpv5ET8D0K1k0OX+DYJa984+03kNvEBThG/x+5VHPYmzePjePyC Ae59FrKhHJ72WJGJuZsndWhRyB+8ToxQCWLbCb2v55SEukwd5ZQk8GqHUoskhwiSaFu9 fOgA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 12si101313oir.69.2020.02.26.11.26.18; Wed, 26 Feb 2020 11:26:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727226AbgBZT0J (ORCPT + 99 others); Wed, 26 Feb 2020 14:26:09 -0500 Received: from mga14.intel.com ([192.55.52.115]:46134 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727035AbgBZT0J (ORCPT ); Wed, 26 Feb 2020 14:26:09 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Feb 2020 11:26:09 -0800 X-IronPort-AV: E=Sophos;i="5.70,489,1574150400"; d="scan'208";a="256437340" Received: from kcaccard-mobl.amr.corp.intel.com (HELO kcaccard-mobl1.jf.intel.com) ([10.24.11.14]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Feb 2020 11:26:08 -0800 Message-ID: Subject: Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR From: Kristen Carlson Accardi To: Arvind Sankar Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, arjan@linux.intel.com, keescook@chromium.org, rick.p.edgecombe@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Date: Wed, 26 Feb 2020 11:26:08 -0800 In-Reply-To: <20200225174951.GA1373392@rani.riverdale.lan> References: <20200205223950.1212394-1-kristen@linux.intel.com> <20200205223950.1212394-9-kristen@linux.intel.com> <20200225174951.GA1373392@rani.riverdale.lan> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.5 (3.30.5-1.fc29) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2020-02-25 at 12:49 -0500, Arvind Sankar wrote: > On Wed, Feb 05, 2020 at 02:39:47PM -0800, Kristen Carlson Accardi > wrote: > > At boot time, find all the function sections that have separate > > .text > > sections, shuffle them, and then copy them to new locations. Adjust > > any relocations accordingly. > > > > Signed-off-by: Kristen Carlson Accardi > > --- > > arch/x86/boot/compressed/Makefile | 1 + > > arch/x86/boot/compressed/fgkaslr.c | 751 > > +++++++++++++++++++++++ > > arch/x86/boot/compressed/misc.c | 106 +++- > > arch/x86/boot/compressed/misc.h | 26 + > > arch/x86/boot/compressed/vmlinux.symbols | 15 + > > arch/x86/include/asm/boot.h | 15 +- > > arch/x86/include/asm/kaslr.h | 1 + > > arch/x86/lib/kaslr.c | 15 + > > scripts/kallsyms.c | 14 +- > > scripts/link-vmlinux.sh | 4 + > > 10 files changed, 939 insertions(+), 9 deletions(-) > > create mode 100644 arch/x86/boot/compressed/fgkaslr.c > > create mode 100644 arch/x86/boot/compressed/vmlinux.symbols > > > > diff --git a/arch/x86/boot/compressed/Makefile > > b/arch/x86/boot/compressed/Makefile > > index b7e5ea757ef4..60d4c4e59c05 100644 > > --- a/arch/x86/boot/compressed/Makefile > > +++ b/arch/x86/boot/compressed/Makefile > > @@ -122,6 +122,7 @@ OBJCOPYFLAGS_vmlinux.bin := -R .comment -S > > > > ifdef CONFIG_FG_KASLR > > RELOCS_ARGS += --fg-kaslr > > + OBJCOPYFLAGS += --keep-symbols=$(obj)/vmlinux.symbols > > I think this should be $(srctree)/$(src) rather than $(obj)? Using a > separate build directory fails currently. Thanks, I'll add this to my test plan for v1.