[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

To: "H. Peter Anvin" <hpa@xxxxxxxxx>,Kees Cook <keescook@xxxxxxxxxxxx>
From: hjl.tools@xxxxxxxxx
Date: Sat, 23 Sep 2017 06:30:12 +0800
Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Christoph Lameter <cl@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, Matthias Kaehlcke <mka@xxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Chris, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, "David S . Miller" <davem@xxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
Delivery-date: Sat, 23 Sep 2017 06:21:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

<cmetcalf@xxxxxxxxxxxx>,Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>,"Paul E . 
McKenney" <paulmck@xxxxxxxxxxxxxxxxxx>,Nicolas Pitre 
<nicolas.pitre@xxxxxxxxxx>,Christopher Li <sparse@xxxxxxxxxxx>,"Rafael J . 
Wysocki" <rafael.j.wysocki@xxxxxxxxx>,Lukas Wunner <lukas@xxxxxxxxx>,Mika 
Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>,Dou Liyang 
<douly.fnst@xxxxxxxxxxxxxx>,Daniel Borkmann <daniel@xxxxxxxxxxxxx>,Alexei 
Starovoitov <ast@xxxxxxxxxx>,Masahiro Yamada 
<yamada.masahiro@xxxxxxxxxxxxx>,Markus Trippelsdorf 
<markus@xxxxxxxxxxxxxxx>,Steven Rostedt <rostedt@xxxxxxxxxxx>,Rik van Riel 
<riel@xxxxxxxxxx>,David Howells <dhowells@xxxxxxxxxx>,Waiman Long 
<longman@xxxxxxxxxx>,Kyle Huey <me@xxxxxxxxxxxx>,Peter Foley 
<pefoley2@xxxxxxxxxxx>,Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>,Catalin Marinas 
<catalin.marinas@xxxxxxx>,Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>,Michal 
Hocko <mhocko@xxxxxxxx>,Matthew Wilcox <mawilcox@xxxxxxxxxxxxx>,Paul Bolle 
<pebolle@xxxxxxxxxx>,Rob Landley <rob@xxxxxxxxxxx>,Baoquan He
<bhe@xxxxxxxxxx>,Daniel Micay <danielmicay@xxxxxxxxx>,the arch/x86 maintainers 
<x86@xxxxxxxxxx>,Linux Crypto Mailing List <linux-crypto@xxxxxxxxxxxxxxx>,LKML 
<linux-kernel@xxxxxxxxxxxxxxx>,xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>,kvm 
list <kvm@xxxxxxxxxxxxxxx>,Linux PM list <linux-pm@xxxxxxxxxxxxxxx>,linux-arch 
<linux-arch@xxxxxxxxxxxxxxx>,Sparse Mailing-list 
<linux-sparse@xxxxxxxxxxxxxxx>,Kernel Hardening 
<kernel-hardening@xxxxxxxxxxxxxxxxxx>,Linus Torvalds 
<torvalds@xxxxxxxxxxxxxxxxxxxx>,Peter Zijlstra 
<a.p.zijlstra@xxxxxxxxx>,Borislav Petkov <bp@xxxxxxxxx>
From: "H.J. Lu" <hjl.tools@xxxxxxxxx>
Message-ID: <CFFA3E3A-3136-4FAF-80E1-96A515A5C903@xxxxxxxxx>

On September 23, 2017 3:06:16 AM GMT+08:00, "H. Peter Anvin" <hpa@xxxxxxxxx> 
wrote:
>On 09/22/17 11:57, Kees Cook wrote:
>> On Fri, Sep 22, 2017 at 11:38 AM, H. Peter Anvin <hpa@xxxxxxxxx>
>wrote:
>>> We lose EBX on 32 bits, but we don't lose RBX on 64 bits - since
>x86-64
>>> has RIP-relative addressing there is no need for a dedicated PIC
>register.
>> 
>> FWIW, since gcc 5, the PIC register isn't totally lost. It is now
>> reusable, and that seems to have improved performance:
>> https://gcc.gnu.org/gcc-5/changes.html
>
>It still talks about a PIC register on x86-64, which confuses me.
>Perhaps older gcc's would allocate a PIC register under certain
>circumstances, and then lose it for the entire function?
>
>For i386, the PIC register is required by the ABI to be %ebx at the
>point any PLT entry is called.  Not an issue with -mno-plt which goes
>straight to the GOT, although in most cases there needs to be a PIC
>register to find the GOT unless load-time relocation is permitted.
>
>       -hpa
We need a static PIE option so that compiler can optimize it
without using hidden visibility.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: Ingo Molnar
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: Thomas Garnier
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: Ingo Molnar
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: H. Peter Anvin
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: Kees Cook
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: H. Peter Anvin

Prev by Date: Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
Next by Date: [Xen-devel] [ovmf baseline-only test] 72146: all pass
Previous by thread: Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
Next by thread: Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.