Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3649087rdg; Wed, 18 Oct 2023 01:36:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEibkPS65JKnMsYlWN5gkbIhBqtE8lmQzWZ92snr45jwjmRlzQM84tOfD0Wh3yd5JiVxiux X-Received: by 2002:a05:6a21:7794:b0:16b:8154:2168 with SMTP id bd20-20020a056a21779400b0016b81542168mr4160049pzc.26.1697618219654; Wed, 18 Oct 2023 01:36:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697618219; cv=none; d=google.com; s=arc-20160816; b=BLRpeP935YNDAPTuB+YBgwPCK/sfJ0x3uOZHyDEDi3jzYxyImb9U5HRQfXgTIt5C9X SoW8x3ydkfj5LxUUz9Ks/zqzs1MngGmhhb19hqnMUlL0BFDn1N6gGRXgi7+8PtCv+RKI z1j/EqfQNooKMn/e4t3ukFJ3AzAj6lTpTYX7kqOOVRs5VfdwiYR3BT5Tvaaqno+pCdyt c4+6+ZXvd5ErNUrOOAXshayY/sYeerbTDFJqEcrOVjstcHKUJbbft8eWlpsyhCEivxOy ZrebJCnow4aubMt6bgPMZFYEp1YDDBUTcYJELDWr1lXC3pHw7fyfayY5I6YOUK8oFLUO vLtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=pQ0JRZVBDJ7nHo0yOjF5cFutQyKux5x/FnPLddA/OOw=; fh=JtlsLIyDAF0AyCFE2/rtYfOy2zyGRNkJ1YC0ceGAzPE=; b=yRFXIum8e+GzgL/4G+G+Ux58WFo8UyjtT073nKasKZFEltadudanfUiQa0y6MjlBaD cmoV9RUouxBR/k9YT543FunYGqxXXS9rt3ppoV9Z50n5JixdvqRRvFevbcxyuqXYYjy+ Rn3MjXjoyJYjncV4GYbwFwMRqPttsJS+uEgUyOOc9xzyG3tvvLT+Eo8em6xnQ39xyaeO CvZD9Fcu0ooiv7Qbbc/FFg1UGxU9a4fuo80c1WGsRTUVpgi3U3iGCPISe9iyZOEPHWQE J21oAC4jlC54gOilD/eFQVWD4liZqMfkhJdI/I5QssJiXQdoJvirkA3sRd73LekRt9Ql pBKw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id a4-20020a63e404000000b0057771e49c25si733221pgi.693.2023.10.18.01.36.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 01:36:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=antgroup.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 8461380D1581; Wed, 18 Oct 2023 01:36:57 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344678AbjJRIgv (ORCPT + 99 others); Wed, 18 Oct 2023 04:36:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235151AbjJRIgu (ORCPT ); Wed, 18 Oct 2023 04:36:50 -0400 Received: from out0-208.mail.aliyun.com (out0-208.mail.aliyun.com [140.205.0.208]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8FCEB6 for ; Wed, 18 Oct 2023 01:36:47 -0700 (PDT) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R101e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047205;MF=houwenlong.hwl@antgroup.com;NM=1;PH=DS;RN=13;SR=0;TI=SMTPD_---.V1uac8-_1697618204; Received: from localhost(mailfrom:houwenlong.hwl@antgroup.com fp:SMTPD_---.V1uac8-_1697618204) by smtp.aliyun-inc.com; Wed, 18 Oct 2023 16:36:45 +0800 Date: Wed, 18 Oct 2023 16:36:43 +0800 From: "Hou Wenlong" To: Ingo Molnar Cc: , "Lai Jiangshan" , "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , "=?UTF-8?B?bWFpbnRhaW5lcjpYODYgQVJDSElURUNUVVJFIDMyLUJJVCBBTkQgNjQtQklU?=" , "H. Peter Anvin" , "Josh Poimboeuf" , "Anshuman Khandual" , "Mike Rapoport" , "Pasha Tatashin" Subject: Re: [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata Message-ID: <20231018083643.GB87734@k08j02272.eu95sqa> References: <20231017072311.GA46993@k08j02272.eu95sqa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-0.7 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 18 Oct 2023 01:36:57 -0700 (PDT) On Tue, Oct 17, 2023 at 09:02:27PM +0800, Ingo Molnar wrote: > > * Hou Wenlong wrote: > > > Hi Ingo, > > > > I have sent patch #6 separately for x86. Do you have any ideas about > > building the head code as PIE? Should I resend the patchset for the PIE > > feature? > > So I had a brief look, and despite reading 0/43 it was unclear to me what > the precise advantages of building as PIE are. > > Ie. could you please outline: > > - *Exactly* how much PIE based KASLR randomization would gain us in terms > of randomization granularity and effective number of randomization bits, > compared to the current status quo? > > - How is code generation changed at the instruction level - how does > kernel size change and what are the micro-advantages/disadvantages? > > - Are there any other advantages/motivation than improving KASLR? > > Ie. before asking us to apply ~50 patches and add a whole new build mode > and the maintainance overhead to support it into infinity and beyond, could > you please offer a better list of pros and cons? > Hi Ingo, Thanks for your reply. I apologize for the confusion. Waht I meant to say is that I would like to resend the remaining part of this patchset that building the head code as PIE. As mentioned in the cover letter, building the head code as PIE can eliminate certain workarounds such as the "fixup_pointer" in head64.c and the inline assembly in mem_encrypt_identity.c. This is considered a cleanup. However, it is still necessary to use inline assembly to obtain the absolute symbol value during the pagetable building process. Regarding the entire PIE patchset, I agree that it is complex and there are no obvious use cases apart from improving KASLR. As mentioned earlier, the primary motivation is to increase the flexibility of the kernel image address rather than prioritizing security, enabling the kernel image to be placed at any virtual address. The use cases in our internal environment are specific and not widespread, so we do not feel an urgent need to push it forward at the moment. Thanks! > Thanks, > > Ingo