[PATCH v4 15/27] compiler: Option to default to hidden symbols

2018-05-29 Thread Thomas Garnier
/end of sections). In this case, older versions of GCC will remove the comparison if the symbols are hidden. This issue exists at least on gcc 4.9 and before. Signed-off-by: Thomas Garnier --- arch/x86/boot/boot.h | 2 +- arch/x86/include/asm/setup.h | 2 +- arch/x86

[PATCH v4 14/27] x86/percpu: Adapt percpu for PIE support

2018-05-29 Thread Thomas Garnier
Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/calling.h | 2 +- arch/x86/entry/entry_64.S| 4 ++-- arch/x86/include/asm/percpu.h| 25 +++-- arch/x86/include/asm

[PATCH v4 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek --- arch/x86

[PATCH v4 06/27] x86/entry/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/entry_64.S

[PATCH v4 04/27] x86: Add macro to get symbol address for PIE support

2018-05-29 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

[PATCH v4 23/27] x86/modules: Adapt module loading for PIE support

2018-05-29 Thread Thomas Garnier
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86

[PATCH v4 22/27] x86/modules: Add option to start module section after kernel

2018-05-29 Thread Thomas Garnier
randomization range. Signed-off-by: Thomas Garnier --- Documentation/x86/x86_64/mm.txt | 3 +++ arch/x86/Kconfig| 4 arch/x86/include/asm/pgtable_64_types.h | 6 ++ arch/x86/kernel/head64.c| 5 - arch/x86/mm/dump_pagetables.c | 3

[PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-05-29 Thread Thomas Garnier
5-bytes as before. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/ftrace.h | 4 -- arch/x86/include/asm/sections.h | 4 ++ arch/x86/kernel/ftrace.c| 42

[PATCH v4 20/27] x86: Support global stack cookie

2018-05-29 Thread Thomas Garnier
and the global variable stack cookie is used. If a specific stack mode was selected (regular or strong) and the compiler does not support selecting the segment register, an error is emitted. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 12 arch/x86

[PATCH v4 25/27] x86/pie: Add option to build the kernel as PIE

2018-05-29 Thread Thomas Garnier
-0.1%) - PIE enabled: average -0.4% to +0.4%. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82303 Signed-off-by: Thomas Garnier merge pie --- arch/x86/Kconfig | 8 arch/x86/Makefile | 45 - 2 files changed, 52 insertions(+), 1 deletion

[PATCH v4 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-05-29 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile| 5 + arch/x86/boot

[PATCH v4 19/27] kvm: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/kvm_host.h | 8 ++-- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v4 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-05-29 Thread Thomas Garnier
the top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier --- arch/x86/tools/relocs.c| 60 +++--- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 ++--- 3 files changed, 60 insertions(+), 19 deletions(-) diff

[PATCH v4 24/27] x86/mm: Make the x86 GOT read-only

2018-05-29 Thread Thomas Garnier
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binary. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- include

[PATCH v4 01/27] x86/crypto: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/crypto/aes-x86_64-asm_64.S

[PATCH v4 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/relocate_kernel_64.S

[PATCH v4 03/27] x86: Use symbol name in jump table for PIE support

2018-05-29 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v4 02/27] x86: Use symbol name on bug table for PIE support

2018-05-29 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v4 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-05-29 Thread Thomas Garnier
Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/Makefile | 6 ++ arch/x86/kernel/head64.c | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel

[PATCH v4 17/27] x86/relocs: Handle PIE relocations

2018-05-29 Thread Thomas Garnier
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier --- arch/x86/tools

[PATCH v4 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/pm-trace.h | 2

[PATCH v4 10/27] x86/boot/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch

[PATCH v4 11/27] x86/power/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek --- arch/x86/power

[PATCH v4 08/27] x86/CPU: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index e28add6b791f..7ae9fb91f7b5 100644 --- a/arch/x86/include/asm/processor.h +++ b

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-04 Thread Thomas Garnier
On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > On Tue, 29 May 2018 15:15:22 -0700 > Thomas Garnier wrote: > > > When using -fPIE/PIC with function tracing, the compiler generates a > > call through the GOT (call *__fentry__@GOTPCREL). This instruction > &

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-05 Thread Thomas Garnier
On Mon, Jun 4, 2018 at 2:44 PM Steven Rostedt wrote: > > On Mon, 4 Jun 2018 14:06:03 -0700 > Thomas Garnier wrote: > > > On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > > > > > On Tue, 29 May 2018 15:15:22 -0700 > > > Thomas Garni

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-05 Thread Thomas Garnier
On Tue, Jun 5, 2018 at 9:56 AM Thomas Garnier wrote: > > On Mon, Jun 4, 2018 at 2:44 PM Steven Rostedt wrote: > > > > On Mon, 4 Jun 2018 14:06:03 -0700 > > Thomas Garnier wrote: > > > > > On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > &

[PATCH v5 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/pm-trace.h | 2

[PATCH v5 11/27] x86/power/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked-by: Rafael J

Re: [PATCH v5 23/27] x86/modules: Adapt module loading for PIE support

2018-06-25 Thread Thomas Garnier
On Mon, Jun 25, 2018 at 4:51 PM Randy Dunlap wrote: > > On 06/25/18 15:39, Thomas Garnier wrote: > > Adapt module loading to support PIE relocations. Generate dynamic GOT if > > a symbol requires it but no entry exists in the kernel GOT. > > Hi, > > This patch

[PATCH v5 04/27] x86: Add macro to get symbol address for PIE support

2018-06-25 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

[PATCH v5 17/27] x86/relocs: Handle PIE relocations

2018-06-25 Thread Thomas Garnier
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier --- arch/x86/tools

[PATCH v5 23/27] x86/modules: Adapt module loading for PIE support

2018-06-25 Thread Thomas Garnier
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86

[PATCH v5 08/27] x86/CPU: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index cfd29ee8c3da..25b5842a4646 100644 --- a/arch/x86/include/asm/processor.h +++ b

[PATCH v5 02/27] x86: Use symbol name on bug table for PIE support

2018-06-25 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v5 03/27] x86: Use symbol name in jump table for PIE support

2018-06-25 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v5 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/relocate_kernel_64.S

[PATCH v5 25/27] x86/pie: Add option to build the kernel as PIE

2018-06-25 Thread Thomas Garnier
-0.1%) - PIE enabled: average -0.4% to +0.4%. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82303 Signed-off-by: Thomas Garnier merge pie --- arch/x86/Kconfig | 8 arch/x86/Makefile | 45 - 2 files changed, 52 insertions(+), 1 deletion

[PATCH v5 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-06-25 Thread Thomas Garnier
the top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier --- arch/x86/tools/relocs.c| 60 +++--- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 ++--- 3 files changed, 60 insertions(+), 19 deletions(-) diff

[PATCH v5 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-25 Thread Thomas Garnier
-bytes as before. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/ftrace.c | 51 +- scripts/recordmcount.c | 79 +++- 2

[PATCH v5 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-06-25 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile| 5 + arch/x86/boot

[PATCH v5 20/27] x86: Support global stack cookie

2018-06-25 Thread Thomas Garnier
and the global variable stack cookie is used. If a specific stack mode was selected (regular or strong) and the compiler does not support selecting the segment register, an error is emitted. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 12 arch/x86

[PATCH v5 19/27] kvm: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/kvm_host.h | 8 ++-- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v5 24/27] x86/mm: Make the x86 GOT read-only

2018-06-25 Thread Thomas Garnier
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binary. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- include

[PATCH v5 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols

2018-06-25 Thread Thomas Garnier
Provide an option to have a PROVIDE_HIDDEN (linker script) entry for each weak symbol. This option solves an error in x86_64 where the linker optimizes PIE generated code to be non-PIE because --emit-relocs was used instead of -pie (to reduce dynamic relocations). Signed-off-by: Thomas Garnier

[PATCH v5 06/27] x86/entry/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/entry_64.S

[PATCH v5 12/27] x86/paravirt: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
if PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier

[PATCH v5 15/27] compiler: Option to default to hidden symbols

2018-06-25 Thread Thomas Garnier
/end of sections). In this case, older versions of GCC will remove the comparison if the symbols are hidden. This issue exists at least on gcc 4.9 and before. Signed-off-by: Thomas Garnier --- arch/x86/boot/boot.h | 2 +- arch/x86/include/asm/setup.h | 2 +- arch/x86

[PATCH v5 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-06-25 Thread Thomas Garnier
Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/Makefile | 6 ++ arch/x86/kernel/head64.c | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel

[PATCH v5 10/27] x86/boot/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch

[PATCH v5 09/27] x86/acpi: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked-by: Rafael J

Re: [PATCH 1/2] x86/mm/KASLR: Fix the wrong calculation of kalsr region initial size

2018-09-04 Thread Thomas Garnier
Thanks Baoquan! Reviewed-by: Thomas Garnier On Wed, Aug 29, 2018 at 4:49 AM Kirill A. Shutemov wrote: > > On Wed, Aug 29, 2018 at 10:17:53AM +0800, Baoquan He wrote: > > In memory KASLR, __PHYSICAL_MASK_SHIFT is taken to calculate the > > initial size of the dir

Re: repeatable boot randomness inside KVM guest

2018-04-16 Thread Thomas Garnier
using prandom_* > > functions in slab.c and slubct and slab_common.c, and just use a > > really random number generator, if the goal is real security as > > opposed to security for show The state is seeded with get_random_long() which will use RDRAND and any available entro

Re: [PATCH 1/3] arm/syscalls: Move address limit check in loop

2017-07-24 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 10:58 AM, Thomas Garnier wrote: > The work pending loop can call set_fs after addr_limit_user_check > removed the _TIF_FSCHECK flag. To prevent the infinite loop, move > the addr_limit_user_check call at the beginning of the loop. > > Fixes: 73ac5d6a2b6a

Re: [PATCH 1/3] arm/syscalls: Move address limit check in loop

2017-07-25 Thread Thomas Garnier
On Tue, Jul 25, 2017 at 3:38 AM, Russell King - ARM Linux wrote: > On Tue, Jul 25, 2017 at 01:28:01PM +0300, Leonard Crestez wrote: >> On Mon, 2017-07-24 at 10:07 -0700, Thomas Garnier wrote: >> > On Wed, Jul 19, 2017 at 10:58 AM, Thomas Garnier > > > wrote: >>

Re: [PATCH] ARM: uaccess: Add missing include for set_thread_flag

2017-09-19 Thread Thomas Garnier
On Tue, Sep 19, 2017 at 4:50 AM, Jonathan Liu wrote: > Fixes "implicit declaration of function" compile error for out-of-tree > kernel modules including asm/uaccess.h. I failed to reproduce this issue by creating an out of tree module with a separate file (with only uaccess.h). Are you using a

Re: [PATCH] ARM: uaccess: Add missing include for set_thread_flag

2017-09-20 Thread Thomas Garnier
different approach on linux-next (see commit 2404269bc4e77a67875c8db6667be34c9913c96e). Let me know if this commit resolves the issue and thanks for reaching out. > > Regards, > Jonathan > > On 20 September 2017 at 00:32, Thomas Garnier wrote: > > On Tue, Sep 19, 2017 at 4:50 AM, Jonathan Liu wrote: &

Re: module: use relative references for __ksymtab entries

2017-09-09 Thread Thomas Garnier
y still get relocations given the compiler is pretty bad at optimizing (_ptr - .) but I might be wrong. Anyway, the size decrease is great and we can ignore these relocations if need be. Thanks. >> >> Cc: Jessica Yu >> Cc: Arnd Bergmann >> Cc: Andrew Morton >> Cc:

Re: [PATCH v3 3/4] arm/syscalls: Optimize address limit check

2017-08-22 Thread Thomas Garnier
On Mon, Aug 14, 2017 at 2:37 PM, Thomas Garnier wrote: > Disable the generic address limit check in favor of an architecture > specific optimized implementation. The generic implementation using > pending work flags did not work well with ARM and alignment faults. > > The address l

Re: [PATCH v3 3/4] arm/syscalls: Optimize address limit check

2017-08-29 Thread Thomas Garnier
On Tue, Aug 22, 2017 at 9:42 AM, Thomas Garnier wrote: > On Mon, Aug 14, 2017 at 2:37 PM, Thomas Garnier wrote: >> Disable the generic address limit check in favor of an architecture >> specific optimized implementation. The generic implementation using >> pending work fl

Re: [PATCH v2 2/3] arm/syscalls: Optimize address limit check

2017-08-07 Thread Thomas Garnier
On Mon, Aug 7, 2017 at 10:35 AM, Kees Cook wrote: > On Wed, Jul 26, 2017 at 10:00 AM, Thomas Garnier wrote: >> Disable the generic address limit check in favor of an architecture >> specific optimized implementation. The generic implementation using >> pending work fl

Re: [PATCH v2 2/3] arm/syscalls: Optimize address limit check

2017-08-08 Thread Thomas Garnier
On Mon, Aug 7, 2017 at 10:55 AM, Russell King - ARM Linux wrote: > > It's better in so far as it avoids the problems previously highlighted. > > However, it depends how efficient we want these paths to be - the > difference between your assembly and the assembly I've previously > supplied is that

Re: [PATCH v2 2/3] arm/syscalls: Optimize address limit check

2017-08-02 Thread Thomas Garnier
On Wed, Jul 26, 2017 at 10:00 AM, Thomas Garnier wrote: > Disable the generic address limit check in favor of an architecture > specific optimized implementation. The generic implementation using > pending work flags did not work well with ARM and alignment faults. > > Th

[PATCH v3 4/4] arm64/syscalls: Move address limit check in loop

2017-08-14 Thread Thomas Garnier
. Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode return") Reported-by: Leonard Crestez Signed-off-by: Thomas Garnier --- arch/arm64/kernel/signal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/ar

[PATCH v3 1/4] syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check

2017-08-14 Thread Thomas Garnier
Use CHECK_DATA_CORRUPTION instead of BUG_ON to provide more flexibility on address limit failures. By default, send a SIGKILL signal to kill the current process preventing exploitation of a bad address limit. Make the TIF_FSCHECK flag optional so ARM can use this function. Signed-off-by: Thomas

[PATCH v3 3/4] arm/syscalls: Optimize address limit check

2017-08-14 Thread Thomas Garnier
using a SIGKILL signal. For example the lkdtm address limit check does not work because the signal to kill the process will reset the user-mode address limit. Signed-off-by: Thomas Garnier --- arch/arm/kernel/entry-common.S | 11 +++ arch/arm/kernel/signal.c | 7 +++ 2 files

[PATCH v3 2/4] Revert "arm/syscalls: Check address limit on user-mode return"

2017-08-14 Thread Thomas Garnier
, it has been agreed that the generic approach is not tailored to the ARM architecture and any fix might not be complete. This patch will be replaced by an architecture specific implementation. The work flag approach will be kept for other architectures. Reported-by: Leonard Crestez Signed-off-by: Thomas

Re: [PATCH 1/3] arm/syscalls: Move address limit check in loop

2017-07-26 Thread Thomas Garnier
On Wed, Jul 26, 2017 at 5:02 AM, Will Deacon wrote: > On Tue, Jul 25, 2017 at 01:01:17PM -0700, Thomas Garnier wrote: >> On Tue, Jul 25, 2017 at 3:38 AM, Russell King - ARM Linux >> wrote: >> > On Tue, Jul 25, 2017 at 01:28:01PM +0300, Leonard Crestez wrote: >>

[PATCH v2 1/3] Revert "arm/syscalls: Check address limit on user-mode return"

2017-07-26 Thread Thomas Garnier
, it has been agreed that the generic approach is not tailored to the ARM architecture and any fix might not be complete. This patch will be replaced by an architecture specific implementation. The work flag approach will be kept for other architectures. Reported-by: Leonard Crestez Signed-off-by: Thomas

[PATCH v2 3/3] arm64/syscalls: Move address limit check in loop

2017-07-26 Thread Thomas Garnier
. Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode return") Reported-by: Leonard Crestez Signed-off-by: Thomas Garnier --- arch/arm64/kernel/signal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/ar

[PATCH v2 2/3] arm/syscalls: Optimize address limit check

2017-07-26 Thread Thomas Garnier
the signal to kill the process will reset the user-mode address limit. Signed-off-by: Thomas Garnier --- arch/arm/kernel/entry-common.S | 11 +++ arch/arm/kernel/signal.c | 5 + 2 files changed, 16 insertions(+) diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry

Re: [PATCH 1/3] arm/syscalls: Move address limit check in loop

2017-07-26 Thread Thomas Garnier
On Wed, Jul 26, 2017 at 11:25 AM, Russell King - ARM Linux wrote: > On Wed, Jul 26, 2017 at 07:20:22AM -0700, Thomas Garnier wrote: >> On Wed, Jul 26, 2017 at 5:02 AM, Will Deacon wrote: >> > I looked to see what you've done for x86, but it looks like you check/clear &g

Re: repeatable boot randomness inside KVM guest

2018-04-16 Thread Thomas Garnier
slubct and slab_common.c, and just use a > > really random number generator, if the goal is real security as > > opposed to security for show The state is seeded with get_random_long() which will use RDRAND and any available entropy at this point. I am not sure the value of call

Re: [PATCH v10 1/3] x86/syscalls: Check address limit on user-mode return

2017-07-06 Thread Thomas Garnier
On Wed, Jun 28, 2017 at 10:52 AM, Kees Cook wrote: > > On Tue, Jun 20, 2017 at 1:24 PM, Kees Cook wrote: > > On Wed, Jun 14, 2017 at 6:12 PM, Thomas Garnier wrote: > >> Ensure the address limit is a user-mode segment before returning to > >> user-mode. Otherwis

Re: [PATCH v10 1/3] x86/syscalls: Check address limit on user-mode return

2017-07-06 Thread Thomas Garnier
On Thu, Jul 6, 2017 at 1:48 PM, Thomas Gleixner wrote: > On Thu, 6 Jul 2017, Thomas Garnier wrote: >> On Wed, Jun 28, 2017 at 10:52 AM, Kees Cook wrote: >> > >> > On Tue, Jun 20, 2017 at 1:24 PM, Kees Cook wrote: >> > > On Wed, Jun 14, 2017 at

Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-07-18 Thread Thomas Garnier
On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez wrote: > On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote: >> Ensure the address limit is a user-mode segment before returning to >> user-mode. Otherwise a process can corrupt kernel-mode memory and >>

Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-07-18 Thread Thomas Garnier
On Tue, Jul 18, 2017 at 10:18 AM, Leonard Crestez wrote: > > On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: > > On Tue, Jul 18, 2017 at 7:36 AM, Leonard Crestez > > wrote: > > > > > > On Wed, 2017-06-14 at 18:12 -0700, Thomas Garnier wrote: >

Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 7:58 AM, Leonard Crestez wrote: > On Tue, 2017-07-18 at 12:04 -0700, Thomas Garnier wrote: >> On Tue, Jul 18, 2017 at 10:18 AM, Leonard Crestez >> wrote: >> > On Tue, 2017-07-18 at 09:04 -0700, Thomas Garnier wrote: >> > > On Tue, Jul

Re: [kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 10:06 AM, Russell King - ARM Linux wrote: > On Wed, Jul 19, 2017 at 05:58:20PM +0300, Leonard Crestez wrote: >> On Tue, 2017-07-18 at 12:04 -0700, Thomas Garnier wrote: >> > On Tue, Jul 18, 2017 at 10:18 AM, Leonard Crestez >> > wrote: >>

[PATCH 3/3] arm64/syscalls: Move address limit check in loop

2017-07-19 Thread Thomas Garnier
. Fixes: cf7de27ab351 ("arm64/syscalls: Check address limit on user-mode return") Reported-by: Leonard Crestez Signed-off-by: Thomas Garnier --- arch/arm64/kernel/signal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/signal.c b/arch/ar

[PATCH 1/3] arm/syscalls: Move address limit check in loop

2017-07-19 Thread Thomas Garnier
y: Leonard Crestez Signed-off-by: Thomas Garnier --- arch/arm/kernel/signal.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index 3a48b54c6405..f4574287d14b 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kerne

[PATCH 2/3] arm/syscalls: Optimize work flags assembly check

2017-07-19 Thread Thomas Garnier
Remove the double branch and use tsteq instead. Suggested-by: Russell King Signed-off-by: Thomas Garnier --- arch/arm/kernel/entry-common.S | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index

Re: [kernel-hardening] Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 11:35 AM, Russell King - ARM Linux wrote: > On Wed, Jul 19, 2017 at 10:20:35AM -0700, Thomas Garnier wrote: >> On Wed, Jul 19, 2017 at 10:06 AM, Russell King - ARM Linux >> wrote: >> > On Wed, Jul 19, 2017 at 05:58:20PM +0300, Leonard Crestez w

[PATCH v9 03/11] x86: relocate_kernel - Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly code to use only absolute references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86

[PATCH v9 09/11] x86/power/64: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked

[PATCH v9 10/11] x86/paravirt: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
if PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier

[PATCH v9 04/11] x86/entry/64: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86

[PATCH v9 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h

[PATCH v9 00/11] x86: PIE support to extend KASLR randomization

2019-07-30 Thread Thomas Garnier
Minor changes based on feedback and rebase from v8. Splitting the previous series in two. This part contains assembly code changes required for PIE but without any direct dependencies with the rest of the patchset. Changes: - patch v9 (assembly): - Moved to relative reference for sync_core

[PATCH v9 11/11] x86/alternatives: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly options to work with pointers instead of integers. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/alternative.h | 6 +++--- 1 file changed, 3

[PATCH v9 02/11] x86: Add macro to get symbol address for PIE support

2019-07-30 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

[PATCH v9 08/11] x86/boot/64: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git

[PATCH v9 07/11] x86/acpi: Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked

[PATCH v9 05/11] x86: pm-trace - Adapt assembly for PIE support

2019-07-30 Thread Thomas Garnier
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch

[PATCH v8 02/11] x86: Add macro to get symbol address for PIE support

2019-07-08 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

[PATCH v8 07/11] x86/acpi: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked

[PATCH v8 10/11] x86/paravirt: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier

[PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 3eab6ece52b4..3e2154b0e09f 100644 --- a/arch/x86/include/asm/processor.h

[PATCH v8 03/11] x86: relocate_kernel - Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
Change the assembly code to use only absolute references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86

[PATCH v8 08/11] x86/boot/64: Adapt assembly for PIE support

2019-07-08 Thread Thomas Garnier
. Position Independent Executable (PIE) support will allow to extend the KASLR randomization range below 0x8000. Signed-off-by: Thomas Garnier Reviewed-by: Kees Cook --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git
