From: Thomas Garnier Subject: Re: x86: PIE support and option to extend KASLR randomization Date: Fri, 22 Sep 2017 16:55:27 -0700 Message-ID: References: <20170815075609.mmzbfwritjzvrpsn@gmail.com> <20170816151235.oamkdva6cwpc4cex@gmail.com> <20170817080920.5ljlkktngw2cisfg@gmail.com> <20170825080443.tvvr6wzs362cjcuu@gmail.com> <20170921155919.skpyt7dutod5ul4t@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Ingo Molnar , Herbert Xu , "David S . Miller" , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Arnd Bergmann , Matthias Kaehlcke , Boris Ostrovsky , Juergen Gross , Paolo Bonzini , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Joerg Roedel , Tom Lendacky , Andy Lutomirski , Borislav Petkov , Brian Gerst , "Kirill A . Shutemov" , "Rafael J . Wysocki" , Len Brown , Pavel Machek , Tejun H To: Ard Biesheuvel Return-path: List-Post: List-Help: List-Unsubscribe: List-Subscribe: In-Reply-To: List-Id: linux-crypto.vger.kernel.org On Thu, Sep 21, 2017 at 2:21 PM, Thomas Garnier wrote: > On Thu, Sep 21, 2017 at 9:10 AM, Ard Biesheuvel > wrote: >> >> On 21 September 2017 at 08:59, Ingo Molnar wrote: >> > >> > ( Sorry about the delay in answering this. I could blame the delay on the merge >> > window, but in reality I've been procrastinating this is due to the permanent, >> > non-trivial impact PIE has on generated C code. ) >> > >> > * Thomas Garnier wrote: >> > >> >> 1) PIE sometime needs two instructions to represent a single >> >> instruction on mcmodel=kernel. >> > >> > What again is the typical frequency of this occurring in an x86-64 defconfig >> > kernel, with the very latest GCC? >> > >> > Also, to make sure: which unwinder did you use for your measurements, >> > frame-pointers or ORC? Please use ORC only for future numbers, as >> > frame-pointers is obsolete from a performance measurement POV. >> > >> >> 2) GCC does not optimize switches in PIE in order to reduce relocations: >> > >> > Hopefully this can either be fixed in GCC or at least influenced via a compiler >> > switch in the future. >> > >> >> There are somewhat related concerns in the ARM world, so it would be >> good if we could work with the GCC developers to get a more high level >> and arch neutral command line option (-mkernel-pie? sounds yummy!) >> that stops the compiler from making inferences that only hold for >> shared libraries and/or other hosted executables (GOT indirections, >> avoiding text relocations etc). That way, we will also be able to drop >> the 'hidden' visibility override at some point, which we currently >> need to prevent the compiler from redirecting all global symbol >> references via entries in the GOT. > > My plan was to add a -mtls-reg= to switch the default segment > register for stack cookies but I can see great benefits in having a > more general kernel flag that would allow to get rid of the GOT and > PLT when you are building position independent code for the kernel. It > could also include optimizations like folding switch tables etc... > > Should we start a separate discussion on that? Anyone that would be > more experienced than I to push that to gcc & clang upstream? After separate discussion, opened: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82303 > >> >> All we really need is the ability to move the image around in virtual >> memory, and things like reducing the CoW footprint or enabling ELF >> symbol preemption are completely irrelevant for us. > > > > > -- > Thomas -- Thomas