
Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization



From: "H.J. Lu" <hjl.tools@xxxxxxxxx>
Message-ID: <CFFA3E3A-3136-4FAF-80E1-96A515A5C903@xxxxxxxxx>



On September 23, 2017 3:06:16 AM GMT+08:00, "H. Peter Anvin" <hpa@xxxxxxxxx> wrote:
>On 09/22/17 11:57, Kees Cook wrote:
>> On Fri, Sep 22, 2017 at 11:38 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
>>> We lose EBX on 32 bits, but we don't lose RBX on 64 bits - since x86-64
>>> has RIP-relative addressing there is no need for a dedicated PIC register.
>> 
>> FWIW, since gcc 5, the PIC register isn't totally lost. It is now
>> reusable, and that seems to have improved performance:
>> https://gcc.gnu.org/gcc-5/changes.html
>
>It still talks about a PIC register on x86-64, which confuses me.
>Perhaps older gcc's would allocate a PIC register under certain
>circumstances, and then lose it for the entire function?
>
>For i386, the PIC register is required by the ABI to be %ebx at the
>point any PLT entry is called.  Not an issue with -mno-plt which goes
>straight to the GOT, although in most cases there needs to be a PIC
>register to find the GOT unless load-time relocation is permitted.
>
>       -hpa
We need a static PIE option so that the compiler can optimize it
without using hidden visibility.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
