From: Ingo Molnar
Subject: Re: x86: PIE support and option to extend KASLR randomization
Date: Fri, 11 Aug 2017 14:41:27 +0200
Message-ID: <20170811124127.kkb5pnkljz4umxuj@gmail.com>
References: <20170810172615.51965-1-thgarnie@google.com>
In-Reply-To: <20170810172615.51965-1-thgarnie@google.com>
To: Thomas Garnier
Cc: Herbert Xu, "David S. Miller", Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Arnd Bergmann, Matthias Kaehlcke, Boris Ostrovsky, Juergen Gross, Paolo Bonzini, Radim Krčmář, Joerg Roedel, Tom Lendacky, Andy Lutomirski, Borislav Petkov, Brian Gerst, "Kirill A. Shutemov", "Rafael J. Wysocki", Len Brown, Pavel Machek, Tejun Heo, Christoph Lameter
List-Id: linux-crypto.vger.kernel.org

* Thomas Garnier wrote:

> Changes:
>  - v2:
>    - Add support for a global stack cookie while the compiler defaults to fs
>      without mcmodel=kernel
>    - Change patch 7 to correctly jump out of the identity mapping on kexec
>      load preserve.
>
> These patches make the changes necessary to build the kernel as a Position
> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
> the top 2G of the virtual address space. It optionally allows extending the
> KASLR randomization range from 1G to 3G.

So this:

  61 files changed, 923 insertions(+), 299 deletions(-)

... is IMHO an _awful_ lot of churn and extra complexity in pretty fragile
pieces of code, to gain what appears to be only ~1.5 more bits of
randomization!

Do these changes get us closer to being able to build the kernel as truly
position independent, i.e. to place it anywhere in the valid x86-64 address
space?

Or any other advantages?

Thanks,

	Ingo