[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] x86: PIE support and option to extend KASLR randomization

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, "David S . Miller" <davem@xxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Thomas Garnier <thgarnie@xxxxxxxxxx>, Matthias Kaehlcke <mka@xxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, Brian Gerst <brgerst@xxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Christoph Lameter <cl@xxxxxxxxx>, Paul Gortmaker <paul.gortmaker@xxxxxxxxxxxxx>, Chris Metcalf <cmetcalf@xxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "Paul E . McKenney" <paulmck@xxxxxxxxxxxxxxxxxx>, Nicolas Pitre <nicolas.pitre@xxxxxxxxxx>, Christopher Li <sparse@xxxxxxxxxxx>, "Rafael J . Wysocki" <rafael.j.wysocki@xxxxxxxxx>, Lukas Wunner <lukas@xxxxxxxxx>, Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>, Dou Liyang <douly.fnst@xxxxxxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>, Markus Trippelsdorf <markus@xxxxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Waiman Long <longman@xxxxxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>, Peter Foley <pefoley2@xxxxxxxxxxx>, Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>, Catalin Marinas <catalin.marinas@xxxxxxx>, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>, Michal Hocko <mhocko@xxxxxxxx>, Matthew Wilcox <mawilcox@xxxxxxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Paul Bolle <pebolle@xxxxxxxxxx>, Rob Landley <rob@xxxxxxxxxxx>, Baoquan He <bhe@xxxxxxxxxx>, Daniel Micay <danielmicay@xxxxxxxxx>
From: Thomas Garnier <thgarnie@xxxxxxxxxx>
Date: Thu, 10 Aug 2017 10:25:52 -0700
Cc: linux-arch@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-pm@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-sparse@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, kernel-hardening@xxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 10 Aug 2017 17:26:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Changes:
 - v2:
   - Add support for global stack cookie while compiler default to fs without
     mcmodel=kernel
   - Change patch 7 to correctly jump out of the identity mapping on kexec load
     preserve.

These patches make the changes necessary to build the kernel as Position
Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
the top 2G of the virtual address space. It allows to optionally extend the
KASLR randomization range from 1G to 3G.

Thanks a lot to Ard Biesheuvel & Kees Cook on their feedback on compiler
changes, PIE support and KASLR in general.

The patches:
 - 1-3, 5-15: Change in assembly code to be PIE compliant.
 - 4: Add a new _ASM_GET_PTR macro to fetch a symbol address generically.
 - 16: Adapt percpu design to work correctly when PIE is enabled.
 - 17: Provide an option to default visibility to hidden except for key symbols.
       It removes errors between compilation units.
 - 18: Adapt relocation tool to handle PIE binary correctly.
 - 19: Add support for global cookie
 - 20: Add the CONFIG_X86_PIE option (off by default)
 - 21: Adapt relocation tool to generate a 64-bit relocation table.
 - 22: Add options to build modules as mcmodel=large and dynamically create a
       PLT for relative references out of range (adapted from arm64).
 - 23: Add the CONFIG_RANDOMIZE_BASE_LARGE option to increase relocation range
       from 1G to 3G (off by default).

Performance/Size impact:

Hackbench (50% and 1600% loads):
 - PIE disabled: no significant change (-0.50% / +0.50%)
 - PIE enabled: 7% to 8% on half load, 10% on heavy load.

These results are aligned with the different research on user-mode PIE
impact on cpu intensive benchmarks (around 10% on x86_64).

slab_test (average of 10 runs):
 - PIE disabled: no significant change (-1% / +1%)
 - PIE enabled: 3% to 4%

Kernbench (average of 10 Half and Optimal runs):
 Elapsed Time:
 - PIE disabled: no significant change (-0.22% / +0.06%)
 - PIE enabled: around 0.50%
 System Time:
 - PIE disabled: no significant change (-0.99% / -1.28%)
 - PIE enabled: 5% to 6%

Size of vmlinux (Ubuntu configuration):
 File size:
 - PIE disabled: 472928672 bytes (-0.000169% from baseline)
 - PIE enabled: 216878461 bytes (-54.14% from baseline)
 .text sections:
 - PIE disabled: 9373572 bytes (+0.04% from baseline)
 - PIE enabled: 9499138 bytes (+1.38% from baseline)

The big decrease in vmlinux file size is due to the lower number of
relocations appended to the file.

diffstat:
 arch/x86/Kconfig                             |   42 +++++
 arch/x86/Makefile                            |   28 +++
 arch/x86/boot/boot.h                         |    2 
 arch/x86/boot/compressed/Makefile            |    5 
 arch/x86/boot/compressed/misc.c              |   10 +
 arch/x86/crypto/aes-x86_64-asm_64.S          |   45 +++---
 arch/x86/crypto/aesni-intel_asm.S            |   14 +
 arch/x86/crypto/aesni-intel_avx-x86_64.S     |    6 
 arch/x86/crypto/camellia-aesni-avx-asm_64.S  |   42 ++---
 arch/x86/crypto/camellia-aesni-avx2-asm_64.S |   44 +++---
 arch/x86/crypto/camellia-x86_64-asm_64.S     |    8 -
 arch/x86/crypto/cast5-avx-x86_64-asm_64.S    |   50 +++---
 arch/x86/crypto/cast6-avx-x86_64-asm_64.S    |   44 +++---
 arch/x86/crypto/des3_ede-asm_64.S            |   96 ++++++++-----
 arch/x86/crypto/ghash-clmulni-intel_asm.S    |    4 
 arch/x86/crypto/glue_helper-asm-avx.S        |    4 
 arch/x86/crypto/glue_helper-asm-avx2.S       |    6 
 arch/x86/entry/entry_32.S                    |    3 
 arch/x86/entry/entry_64.S                    |   29 ++-
 arch/x86/include/asm/asm.h                   |   13 +
 arch/x86/include/asm/bug.h                   |    2 
 arch/x86/include/asm/jump_label.h            |    8 -
 arch/x86/include/asm/kvm_host.h              |    6 
 arch/x86/include/asm/module.h                |   17 ++
 arch/x86/include/asm/page_64_types.h         |    9 +
 arch/x86/include/asm/paravirt_types.h        |   12 +
 arch/x86/include/asm/percpu.h                |   25 ++-
 arch/x86/include/asm/pm-trace.h              |    2 
 arch/x86/include/asm/processor.h             |   11 -
 arch/x86/include/asm/setup.h                 |    2 
 arch/x86/include/asm/stackprotector.h        |   19 +-
 arch/x86/kernel/Makefile                     |    2 
 arch/x86/kernel/acpi/wakeup_64.S             |   31 ++--
 arch/x86/kernel/asm-offsets.c                |    3 
 arch/x86/kernel/asm-offsets_32.c             |    3 
 arch/x86/kernel/asm-offsets_64.c             |    3 
 arch/x86/kernel/cpu/common.c                 |    7 
 arch/x86/kernel/head64.c                     |   30 +++-
 arch/x86/kernel/head_32.S                    |    3 
 arch/x86/kernel/head_64.S                    |   46 +++++-
 arch/x86/kernel/kvm.c                        |    6 
 arch/x86/kernel/module-plts.c                |  198 +++++++++++++++++++++++++++
 arch/x86/kernel/module.c                     |   18 +-
 arch/x86/kernel/module.lds                   |    4 
 arch/x86/kernel/process.c                    |    5 
 arch/x86/kernel/relocate_kernel_64.S         |    8 -
 arch/x86/kernel/setup_percpu.c               |    2 
 arch/x86/kernel/vmlinux.lds.S                |   13 +
 arch/x86/kvm/svm.c                           |    4 
 arch/x86/lib/cmpxchg16b_emu.S                |    8 -
 arch/x86/power/hibernate_asm_64.S            |    4 
 arch/x86/tools/relocs.c                      |  134 +++++++++++++++---
 arch/x86/tools/relocs.h                      |    4 
 arch/x86/tools/relocs_common.c               |   15 +-
 arch/x86/xen/xen-asm.S                       |   12 -
 arch/x86/xen/xen-asm.h                       |    3 
 arch/x86/xen/xen-head.S                      |    9 -
 include/asm-generic/sections.h               |    6 
 include/linux/compiler.h                     |    8 +
 init/Kconfig                                 |    9 +
 kernel/kallsyms.c                            |   16 +-
 61 files changed, 923 insertions(+), 299 deletions(-)


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization
  - From: Ingo Molnar
- [Xen-devel] [RFC v2 23/23] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 22/23] x86/module: Add support for mcmodel large and PLTs
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 21/23] x86/relocs: Add option to generate 64-bit relocations
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 19/23] x86: Support global stack cookie
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 20/23] x86/pie: Add option to build the kernel as PIE for x86_64
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 18/23] x86/relocs: Handle DYN relocations for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 17/23] compiler: Option to default to hidden symbols
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 16/23] x86/percpu: Adapt percpu for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 15/23] x86/boot/64: Use _text in a global for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 14/23] x86/paravirt: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 13/23] x86/power/64: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 12/23] x86/boot/64: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 11/23] x86/acpi: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 10/23] x86/CPU: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 09/23] x86: pm-trace - Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 08/23] x86/entry/64: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 07/23] x86: relocate_kernel - Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 06/23] kvm: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 05/23] xen: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 04/23] x86: Add macro to get symbol address for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 03/23] x86: Use symbol name in jump table for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 01/23] x86/crypto: Adapt assembly for PIE support
  - From: Thomas Garnier
- [Xen-devel] [RFC v2 02/23] x86: Use symbol name on bug table for PIE support
  - From: Thomas Garnier

Prev by Date: [Xen-devel] [PATCH v2] xen: remove struct domain and vcpu declarations from types.h
Next by Date: [Xen-devel] [RFC v2 02/23] x86: Use symbol name on bug table for PIE support
Previous by thread: [Xen-devel] [PATCH v2] xen: remove struct domain and vcpu declarations from types.h
Next by thread: [Xen-devel] [RFC v2 02/23] x86: Use symbol name on bug table for PIE support
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.