Re: [PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization

[PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization · Thomas Garnier <hidden> · 2018-03-13
[PATCH v2 01/27] x86/crypto: Adapt assembly for PIE support · Thomas Garnier <hidden> · 2018-03-13
[PATCH v2 02/27] x86: Use symbol name on bug table for PIE support · Thomas Garnier <hidden> · 2018-03-13
[PATCH v2 03/27] x86: Use symbol name in jump table for PIE support · Thomas Garnier <hidden> · 2018-03-13
[PATCH v2 04/27] x86: Add macro to get symbol address for PIE support · Thomas Garnier <hidden> · 2018-03-13
[PATCH v2 05/27] x86: relocate_kernel - Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 06/27] x86/entry/64: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 07/27] x86: pm-trace - Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 08/27] x86/CPU: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 09/27] x86/acpi: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 10/27] x86/boot/64: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 11/27] x86/power/64: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 12/27] x86/paravirt: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 14/27] x86/percpu: Adapt percpu for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 15/27] compiler: Option to default to hidden symbols · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 17/27] x86/relocs: Handle PIE relocations · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 18/27] xen: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 19/27] kvm: Adapt assembly for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 20/27] x86: Support global stack cookie · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 21/27] x86/ftrace: Adapt function tracing for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 22/27] x86/modules: Add option to start module section after kernel · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 23/27] x86/modules: Adapt module loading for PIE support · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 24/27] x86/mm: Make the x86 GOT read-only · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 25/27] x86/pie: Add option to build the kernel as PIE · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 26/27] x86/relocs: Add option to generate 64-bit relocations · Thomas Garnier via Virtualization <hidden> · 2018-03-13
[PATCH v2 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB · Thomas Garnier via Virtualization <hidden> · 2018-03-13
Re: [PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization · Pavel Machek <hidden> · 2018-03-15

From: Pavel Machek <hidden>
Date: 2018-03-15 08:48:36
Also in: kvm, linux-arch, linux-crypto, linux-pm, lkml

Hi!

These patches make the changes necessary to build the kernel as Position
Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
the top 2G of the virtual address space. It allows to optionally extend the
KASLR randomization range from 1G to 3G.

Would you explain why PIE code is good idea?

You are adding less than 2 bits of randomness. Cost is new config
option, some size and performance impact, and more than 1000 lines of
code...

Is there some grand plan of adding 30 more bits of randomness with
future patch or something?
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help