From: Peter Zijlstra
Subject: Re: x86: PIE support and option to extend KASLR randomization
Date: Mon, 21 Aug 2017 16:31:17 +0200
Message-ID: <20170821143117.22sekggxizt3mhze@hirez.programming.kicks-ass.net>
References: <20170810172615.51965-1-thgarnie@google.com> <20170811124127.kkb5pnkljz4umxuj@gmail.com> <20170815075609.mmzbfwritjzvrpsn@gmail.com>
Cc: Ingo Molnar, Herbert Xu, "David S . Miller", Thomas Gleixner, Ingo Molnar, "H . Peter Anvin", Josh Poimboeuf, Arnd Bergmann, Matthias Kaehlcke, Boris Ostrovsky, Juergen Gross, Paolo Bonzini, Radim Krčmář, Joerg Roedel, Tom Lendacky, Andy Lutomirski, Borislav Petkov, Brian Gerst, "Kirill A . Shutemov", "Rafael J . Wysocki", Len Brown, Pavel Machek, Tejun Heo, Christoph Lameter
List-Id: linux-crypto.vger.kernel.org

On Tue, Aug 15, 2017 at 07:20:38AM -0700, Thomas Garnier wrote:
> On Tue, Aug 15, 2017 at 12:56 AM, Ingo Molnar wrote:
> > Have you considered a kernel with -mcmodel=small (or medium) instead of -fpie
> > -mcmodel=large? We can pick a random 2GB window in the (non-kernel) canonical
> > x86-64 address space to randomize the location of kernel text. The location of
> > modules can be further randomized within that 2GB window.
>
> -model=small/medium assume you are on the low 32-bit. It generates
> instructions where the virtual addresses have the high 32-bit to be
> zero.

That's a compiler fail, right? Because the SDM states that for "CALL
rel32" the 32bit displacement is sign extended on x86_64.