Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp4260577ybh; Tue, 6 Aug 2019 08:46:07 -0700 (PDT) X-Google-Smtp-Source: APXvYqyeNiYtHNZ3Lv9/ULnhQq8kDQrjBKApTOrzoTtFsdr5XFXnaaK2IER9uoj85KG5Vk4ReEoH X-Received: by 2002:a17:90a:cf0d:: with SMTP id h13mr3836101pju.63.1565106367300; Tue, 06 Aug 2019 08:46:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565106367; cv=none; d=google.com; s=arc-20160816; b=K8WjPHQvC/HcPMKeZJiTsiclzaaA+CKQ7KjYe7si1C0YuBfH2K2guly6ZSMDIheCNG EUgO7M4ujjsCgM42egVRzd6+XGypQdhaY0UCaLJPJFmIhoiYGPvDV9f7CHZfF30rv1NX r0DJBwlT0mzpRE93+iuqgMtQGNKXf0n7Erq5vbKqjt85gYfnA5/HXwMjLHk532nPf9e1 Rv61ruZlEd+rYOjbxPuE5QDbvWnYa1ns9e7Z6aiTSHpCvMs76LAkC3G2oyHFcJcMT+wO GqttbHfRxgjy6BsarRJ0Ag9VmFO5XyW4p0ds8zJl62XF1iJJ/icL7PrO8kixHGrKbl3E zqsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=TDFDazt6//hwNfwRMzmVKFiu4ldxLz+yMwXDE8Lj5Eo=; b=p1wSTQ/YvaH1NtuL0pY10gVWAAjYeXY2RksVgFt9rZbtN+NqqA1/MklXIKxc/RT3NM MHMDFG5LyW3Dx38Nde5+QSrEm3Dqb1fYO+lihnLmlhb2Sgf7+9xHPuL2AcpJSFt308L/ I/LX3ZiIj8fLON52HQPm6K6bh0xwpUdVcUmkDpuLk+8BZnhd5kHK/C4n12Lqnx/cCSGj ko8Lmz7r1FC2wMCqA6fx111/zmbSeIST/95EhELY6/t6S9GU+bdNiNzxeJsoAwh8IgJd LIw/0cC6Hy7W8ThZ00gApW4deKg4ocu6qMabI14Xiwu6MxdNFUpi9idja0Gpkr3MD5np whDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=dt2cjv9c; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x9si36318313plv.182.2019.08.06.08.45.44; Tue, 06 Aug 2019 08:46:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=dt2cjv9c; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731664AbfHFPnu (ORCPT + 99 others); Tue, 6 Aug 2019 11:43:50 -0400 Received: from mail.skyhub.de ([5.9.137.197]:35336 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728558AbfHFPnu (ORCPT ); Tue, 6 Aug 2019 11:43:50 -0400 Received: from zn.tnic (p200300EC2F0DA00008E04FA4C58F7CE4.dip0.t-ipconnect.de [IPv6:2003:ec:2f0d:a000:8e0:4fa4:c58f:7ce4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 42CB21EC0C42; Tue, 6 Aug 2019 17:43:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1565106228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=TDFDazt6//hwNfwRMzmVKFiu4ldxLz+yMwXDE8Lj5Eo=; b=dt2cjv9ck6Riog7ad+ewdarAX2dM8UrmZhk8qdfxpW8EfZWGjwleuVrU4g1cmXqrcn8Kh+ TWcpA8A1qy+/qbzkXNRCP6wNTc/+TBGiGV3muxnmmGbdGi77lel3IPkl79O3Iqqfn0x3XN 2iqBRrkAzDyyrAqpiKzGnDMqxESTm0c= Date: Tue, 6 Aug 2019 17:43:47 +0200 From: Borislav Petkov To: Thomas Garnier Cc: kernel-hardening@lists.openwall.com, kristen@linux.intel.com, keescook@chromium.org, Herbert Xu , "David S. Miller" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Andy Lutomirski , Juergen Gross , Thomas Hellstrom , "VMware, Inc." , "Rafael J. Wysocki" , Len Brown , Pavel Machek , Peter Zijlstra , Nadav Amit , Jann Horn , Feng Tang , Maran Wilson , Enrico Weigelt , Allison Randal , Alexios Zavras , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-pm@vger.kernel.org Subject: Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization Message-ID: <20190806154347.GD25897@zn.tnic> References: <20190730191303.206365-1-thgarnie@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190730191303.206365-1-thgarnie@chromium.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote: > These patches make some of the changes necessary to build the kernel as > Position Independent Executable (PIE) on x86_64. Another patchset will > add the PIE option and larger architecture changes. Yeah, about this: do we have a longer writeup about the actual benefits of all this and why we should take this all? After all, after looking at the first couple of asm patches, it is posing restrictions to how we deal with virtual addresses in asm (only RIP-relative addressing in 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm willing to bet money that some future unrelated change will break PIE sooner or later. And I'd like to have a better justification why we should enforce those new "rules" unconditionally. Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.