[PATCH v5 12/27] x86/paravirt: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier via Virtualization
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier ---

[PATCH v5 00/27] x86: PIE support and option to extend KASLR randomization

2018-06-25 Thread Thomas Garnier via Virtualization
Changes: - patch v5: - Adapt new crypto modules for PIE. - Improve per-cpu commit message. - Fix xen 32-bit build error with .quad. - Remove extra code for ftrace. - patch v4: - Simplify early boot by removing global variables. - Modify the mcount location script for

[PATCH v4 12/27] x86/paravirt: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier via Virtualization
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier ---

[PATCH v4 00/27] x86: PIE support and option to extend KASLR randomization

2018-05-29 Thread Thomas Garnier via Virtualization
Changes: - patch v4: - Simplify early boot by removing global variables. - Modify the mcount location script for __mcount_loc instead of the address read in the ftrace implementation. - Edit commit description to explain better where the kernel can be located. - Streamlined the

Re: [PATCH v3 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-05-29 Thread Thomas Garnier via Virtualization
On Thu, May 24, 2018 at 1:41 PM Thomas Garnier wrote: > On Thu, May 24, 2018 at 1:16 PM Steven Rostedt wrote: > > On Thu, 24 May 2018 13:40:24 +0200 > > Petr Mladek wrote: > > > On Wed 2018-05-23 12:54:15, Thomas Garnier wrote: > > > > When using -fPIE/PIC with function tracing, the

Re: [PATCH v3 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier via Virtualization
On Tue, May 29, 2018 at 5:31 AM Pavel Machek wrote: > On Fri 2018-05-25 10:00:04, Thomas Garnier wrote: > > On Fri, May 25, 2018 at 2:14 AM Pavel Machek wrote: > > > > > On Thu 2018-05-24 09:35:42, Thomas Garnier wrote: > > > > On Thu, May 24, 2018 at 4:03 AM Pavel Machek wrote: > > > > > > >

Re: [PATCH v3 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-25 Thread Thomas Garnier via Virtualization
On Fri, May 25, 2018 at 2:14 AM Pavel Machek wrote: > On Thu 2018-05-24 09:35:42, Thomas Garnier wrote: > > On Thu, May 24, 2018 at 4:03 AM Pavel Machek wrote: > > > > > On Wed 2018-05-23 12:54:03, Thomas Garnier wrote: > > > > Change the assembly code to use only

Re: [PATCH v3 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-05-24 Thread Thomas Garnier via Virtualization
On Thu, May 24, 2018 at 1:16 PM Steven Rostedt wrote: > On Thu, 24 May 2018 13:40:24 +0200 > Petr Mladek wrote: > > On Wed 2018-05-23 12:54:15, Thomas Garnier wrote: > > > When using -fPIE/PIC with function tracing, the compiler generates a > > > call

Re: [PATCH v3 11/27] x86/power/64: Adapt assembly for PIE support

2018-05-24 Thread Thomas Garnier via Virtualization
On Thu, May 24, 2018 at 4:04 AM Pavel Machek wrote: > On Wed 2018-05-23 12:54:05, Thomas Garnier wrote: > > Change the assembly code to use only relative references of symbols for the > > kernel to be PIE compatible. > > > > Position Independent Executable (PIE) support will allow

Re: [PATCH v3 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-24 Thread Thomas Garnier via Virtualization
On Thu, May 24, 2018 at 4:03 AM Pavel Machek wrote: > On Wed 2018-05-23 12:54:03, Thomas Garnier wrote: > > Change the assembly code to use only relative references of symbols for the > > kernel to be PIE compatible. > > > > Position Independent Executable (PIE) support will allow

Re: [PATCH v3 23/27] x86/modules: Adapt module loading for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
On Wed, May 23, 2018 at 2:27 PM Randy Dunlap wrote: > Hi, > (for several patches in this series:) > The commit message is confusing. See below. Thanks for the edits, I will change the different commit messages. > On 05/23/2018 12:54 PM, Thomas Garnier wrote: > >

[PATCH v3 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-05-23 Thread Thomas Garnier via Virtualization
Add a new CONFIG_RANDOMIZE_BASE_LARGE option to benefit from PIE support. It increases the KASLR range from 1GB to 3GB. The new range starts at 0x just above the EFI memory region. This option is off by default. The boot code is adapted to create the appropriate page table spanning

[PATCH v3 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-05-23 Thread Thomas Garnier via Virtualization
The x86 relocation tool generates a list of 32-bit signed integers. There was no need to use 64-bit integers because all addresses were above the 2G top of the memory. This change adds a large-reloc option to generate 64-bit unsigned integers. It can be used when the kernel plans to go below the

[PATCH v3 25/27] x86/pie: Add option to build the kernel as PIE

2018-05-23 Thread Thomas Garnier via Virtualization
Add the CONFIG_X86_PIE option which builds the kernel as a Position Independent Executable (PIE). The kernel is currently built with the mcmodel=kernel option which forces it to stay on the top 2G of the virtual address space. With PIE, the kernel will be able to move below the current limit. The

[PATCH v3 24/27] x86/mm: Make the x86 GOT read-only

2018-05-23 Thread Thomas Garnier via Virtualization
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binaries. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v3 23/27] x86/modules: Adapt module loading for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v3 22/27] x86/modules: Add option to start module section after kernel

2018-05-23 Thread Thomas Garnier via Virtualization
Add an option so the module section is just after the mapped kernel. It will ensure position independent modules are always at the right distance from the kernel and do not require mcmodule=large. It also optimizes the available size for modules by getting rid of the empty space on kernel

[PATCH v3 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
When using -fPIE/PIC with function tracing, the compiler generates a call through the GOT (call *__fentry__@GOTPCREL). This instruction takes 6 bytes instead of 5 on the usual relative call. If PIE is enabled, replace the 6th byte of the GOT call by a 1-byte nop so ftrace can handle the previous

[PATCH v3 20/27] x86: Support global stack cookie

2018-05-23 Thread Thomas Garnier via Virtualization
Add an off-by-default configuration option to use a global stack cookie instead of the default TLS. This configuration option will only be used with PIE binaries. For kernel stack cookie, the compiler uses the mcmodel=kernel to switch between the fs segment to gs segment. A PIE binary does not

[PATCH v3 19/27] kvm: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. The new __ASM_MOVABS macro is used to get the address of a symbol on both 32 and 64-bit with PIE support. Position Independent Executable (PIE) support will allow extending the KASLR

[PATCH v3 18/27] xen: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use the new _ASM_MOVABS macro which gets a symbol reference while being PIE compatible. Adapt the relocation tool to ignore 32-bit Xen code. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit.

[PATCH v3 17/27] x86/relocs: Handle PIE relocations

2018-05-23 Thread Thomas Garnier via Virtualization
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier

[PATCH v3 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols

2018-05-23 Thread Thomas Garnier via Virtualization
Provide an option to have a PROVIDE_HIDDEN (linker script) entry for each weak symbol. This option solves an error in x86_64 where the linker optimizes pie generated code to be non-pie because --emit-relocs was used instead of -pie (to reduce dynamic relocations). Signed-off-by: Thomas Garnier

[PATCH v3 15/27] compiler: Option to default to hidden symbols

2018-05-23 Thread Thomas Garnier via Virtualization
Provide an option to default visibility to hidden except for key symbols. This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. The default visibility is also enabled for external symbols that are compared as they may be equal

[PATCH v3 14/27] x86/percpu: Adapt percpu for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Percpu uses a clever design where the .percu ELF section has a virtual address of zero and the relocation code avoids relocating specific symbols. It makes the code simple and easily adaptable with or without SMP support. This design is incompatible with PIE because generated code always tries to

[PATCH v3 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-05-23 Thread Thomas Garnier via Virtualization
The __startup_64 function assumes all symbols have relocated addresses instead of the current boot virtual address. PIE generated code favors relative addresses making all virtual and physical address math incorrect. If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute

[PATCH v3 12/27] x86/paravirt: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas

[PATCH v3 11/27] x86/power/64: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v3 10/27] x86/boot/64: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Early at boot, the kernel is mapped at a temporary address while preparing the page table. To know the changes needed for the page table with KASLR, the boot code calculates the difference

[PATCH v3 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v3 08/27] x86/CPU: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Use the new _ASM_MOVABS macro instead of the 'mov $symbol, %dst' construct. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G

[PATCH v3 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v3 06/27] x86/entry/64: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v3 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v3 04/27] x86: Add macro to get symbol address for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git

[PATCH v3 03/27] x86: Use symbol name in jump table for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v3 02/27] x86: Use symbol name on bug table for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v3 00/27] x86: PIE support and option to extend KASLR randomization

2018-05-23 Thread Thomas Garnier via Virtualization
Changes: - patch v3: - Update on message to describe longer term PIE goal. - Minor change on ftrace if condition. - Changed code using xchgq. - patch v2: - Adapt patch to work post KPTI and compiler changes - Redo all performance testing with latest configs and compilers -

[PATCH v3 01/27] x86/crypto: Adapt assembly for PIE support

2018-05-23 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

Re: [PATCH v2 06/27] x86/entry/64: Adapt assembly for PIE support

2018-03-14 Thread Thomas Garnier via Virtualization
On Wed, Mar 14, 2018 at 8:55 AM Christopher Lameter wrote: > On Wed, 14 Mar 2018, Peter Zijlstra wrote: > > On Tue, Mar 13, 2018 at 01:59:24PM -0700, Thomas Garnier wrote: > > > @@ -1576,7 +1578,9 @@ first_nmi: > > > addq$8, (%rsp) /* Fix up RSP */ > > >

[PATCH v2 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-03-13 Thread Thomas Garnier via Virtualization
Add a new CONFIG_RANDOMIZE_BASE_LARGE option to benefit from PIE support. It increases the KASLR range from 1GB to 3GB. The new range starts at 0x just above the EFI memory region. This option is off by default. The boot code is adapted to create the appropriate page table spanning

[PATCH v2 25/27] x86/pie: Add option to build the kernel as PIE

2018-03-13 Thread Thomas Garnier via Virtualization
Add the CONFIG_X86_PIE option which builds the kernel as a Position Independent Executable (PIE). The kernel is currently built with the mcmodel=kernel option which forces it to stay on the top 2G of the virtual address space. With PIE, the kernel will be able to move below the current limit. The

[PATCH v2 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-03-13 Thread Thomas Garnier via Virtualization
The x86 relocation tool generates a list of 32-bit signed integers. There was no need to use 64-bit integers because all addresses were above the 2G top of the memory. This change adds a large-reloc option to generate 64-bit unsigned integers. It can be used when the kernel plans to go below the

[PATCH v2 24/27] x86/mm: Make the x86 GOT read-only

2018-03-13 Thread Thomas Garnier via Virtualization
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binaries. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v2 20/27] x86: Support global stack cookie

2018-03-13 Thread Thomas Garnier via Virtualization
Add an off-by-default configuration option to use a global stack cookie instead of the default TLS. This configuration option will only be used with PIE binaries. For kernel stack cookie, the compiler uses the mcmodel=kernel to switch between the fs segment to gs segment. A PIE binary does not

[PATCH v2 19/27] kvm: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. The new __ASM_MOVABS macro is used to get the address of a symbol on both 32 and 64-bit with PIE support. Position Independent Executable (PIE) support will allow extending the KASLR

[PATCH v2 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
When using -fPIE/PIC with function tracing, the compiler generates a call through the GOT (call *__fentry__@GOTPCREL). This instruction takes 6 bytes instead of 5 on the usual relative call. If PIE is enabled, replace the 6th byte of the GOT call by a 1-byte nop so ftrace can handle the previous

[PATCH v2 23/27] x86/modules: Adapt module loading for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v2 22/27] x86/modules: Add option to start module section after kernel

2018-03-13 Thread Thomas Garnier via Virtualization
Add an option so the module section is just after the mapped kernel. It will ensure position independent modules are always at the right distance from the kernel and do not require mcmodule=large. It also optimizes the available size for modules by getting rid of the empty space on kernel

[PATCH v2 18/27] xen: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use the new _ASM_MOVABS macro which gets a symbol reference while being PIE compatible. Adapt the relocation tool to ignore 32-bit Xen code. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit.

[PATCH v2 17/27] x86/relocs: Handle PIE relocations

2018-03-13 Thread Thomas Garnier via Virtualization
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier

[PATCH v2 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols

2018-03-13 Thread Thomas Garnier via Virtualization
Provide an option to have a PROVIDE_HIDDEN (linker script) entry for each weak symbol. This option solves an error in x86_64 where the linker optimizes pie generated code to be non-pie because --emit-relocs was used instead of -pie (to reduce dynamic relocations). Signed-off-by: Thomas Garnier

[PATCH v2 15/27] compiler: Option to default to hidden symbols

2018-03-13 Thread Thomas Garnier via Virtualization
Provide an option to default visibility to hidden except for key symbols. This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. The default visibility is also enabled for external symbols that are compared as they may be equal

[PATCH v2 14/27] x86/percpu: Adapt percpu for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Percpu uses a clever design where the .percu ELF section has a virtual address of zero and the relocation code avoids relocating specific symbols. It makes the code simple and easily adaptable with or without SMP support. This design is incompatible with PIE because generated code always tries to

[PATCH v2 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-03-13 Thread Thomas Garnier via Virtualization
The __startup_64 function assumes all symbols have relocated addresses instead of the current boot virtual address. PIE generated code favors relative addresses making all virtual and physical address math incorrect. If PIE is enabled, build head64.c as mcmodel large instead to ensure absolute

[PATCH v2 12/27] x86/paravirt: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas

[PATCH v2 10/27] x86/boot/64: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Early at boot, the kernel is mapped at a temporary address while preparing the page table. To know the changes needed for the page table with KASLR, the boot code calculates the difference

[PATCH v2 09/27] x86/acpi: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 11/27] x86/power/64: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 08/27] x86/CPU: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Use the new _ASM_MOVABS macro instead of the 'mov $symbol, %dst' construct. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G

[PATCH v2 06/27] x86/entry/64: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 04/27] x86: Add macro to get symbol address for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git

[PATCH v2 03/27] x86: Use symbol name in jump table for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization

2018-03-13 Thread Thomas Garnier via Virtualization
Changes: - patch v2: - Adapt patch to work post KPTI and compiler changes - Redo all performance testing with latest configs and compilers - Simplify mov macro on PIE (MOVABS now) - Reduce GOT footprint - patch v1: - Simplify ftrace implementation. - Use gcc

[PATCH v2 01/27] x86/crypto: Adapt assembly for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v2 02/27] x86: Use symbol name on bug table for PIE support

2018-03-13 Thread Thomas Garnier via Virtualization
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

Re: [PATCH v1 06/27] x86/entry/64: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
On Fri, Oct 20, 2017 at 1:26 AM, Ingo Molnar wrote: > > * Thomas Garnier wrote: > >> Change the assembly code to use only relative references of symbols for the >> kernel to be PIE compatible. >> >> Position Independent Executable (PIE) support will allow

Re: [PATCH v1 01/27] x86/crypto: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
On Fri, Oct 20, 2017 at 1:28 AM, Ard Biesheuvel wrote: > On 20 October 2017 at 09:24, Ingo Molnar wrote: >> >> * Thomas Garnier wrote: >> >>> Change the assembly code to use only relative references of symbols for the >>> kernel

Re: [PATCH v1 15/27] compiler: Option to default to hidden symbols

2017-10-26 Thread Thomas Garnier via Virtualization
On Thu, Oct 12, 2017 at 1:02 PM, Luis R. Rodriguez wrote: > On Wed, Oct 11, 2017 at 01:30:15PM -0700, Thomas Garnier wrote: >> Provide an option to default visibility to hidden except for key >> symbols. This option is disabled by default and will be used by x86_64 >> PIE

Re: [PATCH v1 00/27] x86: PIE support and option to extend KASLR randomization

2017-10-26 Thread Thomas Garnier via Virtualization
On Thu, Oct 12, 2017 at 9:28 AM, Tom Lendacky wrote: > On 10/12/2017 10:34 AM, Thomas Garnier wrote: >> >> On Wed, Oct 11, 2017 at 2:34 PM, Tom Lendacky >> wrote: >>> >>> On 10/11/2017 3:30 PM, Thomas Garnier wrote: Changes: -

[PATCH v1 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2017-10-26 Thread Thomas Garnier via Virtualization
Add a new CONFIG_RANDOMIZE_BASE_LARGE option to benefit from PIE support. It increases the KASLR range from 1GB to 3GB. The new range starts at 0x just above the EFI memory region. This option is off by default. The boot code is adapted to create the appropriate page table spanning

[PATCH v1 25/27] x86/pie: Add option to build the kernel as PIE

2017-10-26 Thread Thomas Garnier via Virtualization
Add the CONFIG_X86_PIE option which builds the kernel as a Position Independent Executable (PIE). The kernel is currently built with the mcmodel=kernel option which forces it to stay on the top 2G of the virtual address space. With PIE, the kernel will be able to move below the current limit. The

Re: [PATCH v1 00/27] x86: PIE support and option to extend KASLR randomization

2017-10-26 Thread Thomas Garnier via Virtualization
On Wed, Oct 11, 2017 at 2:34 PM, Tom Lendacky wrote: > On 10/11/2017 3:30 PM, Thomas Garnier wrote: >> Changes: >> - patch v1: >> - Simplify ftrace implementation. >> - Use gcc mstack-protector-guard-reg=%gs with PIE when possible. >> - rfc v3: >> - Use

[PATCH v1 26/27] x86/relocs: Add option to generate 64-bit relocations

2017-10-26 Thread Thomas Garnier via Virtualization
The x86 relocation tool generates a list of 32-bit signed integers. There was no need to use 64-bit integers because all addresses were above the 2G top of the memory. This change adds a large-reloc option to generate 64-bit unsigned integers. It can be used when the kernel plans to go below the

[PATCH v1 24/27] x86/mm: Make the x86 GOT read-only

2017-10-26 Thread Thomas Garnier via Virtualization
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binaries. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v1 22/27] x86/modules: Add option to start module section after kernel

2017-10-26 Thread Thomas Garnier via Virtualization
Add an option so the module section is just after the mapped kernel. It will ensure position independent modules are always at the right distance from the kernel and do not require mcmodule=large. It also optimizes the available size for modules by getting rid of the empty space on kernel

[PATCH v1 23/27] x86/modules: Adapt module loading for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v1 21/27] x86/mm/dump_pagetables: Fix address markers index on x86_64

2017-10-26 Thread Thomas Garnier via Virtualization
The address_markers_idx enum is not aligned with the table when EFI is enabled. Add an EFI_VA_END_NR entry in this case. Signed-off-by: Thomas Garnier --- arch/x86/mm/dump_pagetables.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git

[PATCH v1 18/27] kvm: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. The new __ASM_GET_PTR_PRE macro is used to get the address of a symbol on both 32 and 64-bit with PIE support. Position Independent Executable (PIE) support will allow extending the KASLR

[PATCH v1 17/27] xen: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use the new _ASM_GET_PTR macro which gets a symbol reference while being PIE compatible. Adapt the relocation tool to ignore 32-bit Xen code. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit.

[PATCH v1 19/27] x86: Support global stack cookie

2017-10-26 Thread Thomas Garnier via Virtualization
Add an off-by-default configuration option to use a global stack cookie instead of the default TLS. This configuration option will only be used with PIE binaries. For kernel stack cookie, the compiler uses the mcmodel=kernel to switch between the fs segment to gs segment. A PIE binary does not

[PATCH v1 20/27] x86/ftrace: Adapt function tracing for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
When using -fPIE/PIC with function tracing, the compiler generates a call through the GOT (call *__fentry__@GOTPCREL). This instruction takes 6 bytes instead of 5 on the usual relative call. If PIE is enabled, replace the 6th byte of the GOT call by a 1-byte nop so ftrace can handle the previous

[PATCH v1 15/27] compiler: Option to default to hidden symbols

2017-10-26 Thread Thomas Garnier via Virtualization
Provide an option to default visibility to hidden except for key symbols. This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. The default visibility is also enabled for external symbols that are compared as they may be equal

[PATCH v1 16/27] x86/relocs: Handle PIE relocations

2017-10-26 Thread Thomas Garnier via Virtualization
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL and R_X86_64_PLT32. Signed-off-by: Thomas Garnier

[PATCH v1 13/27] x86/boot/64: Use _text in a global for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
By default PIE generated code creates only relative references so _text points to the temporary virtual address. Instead use a global variable so the relocation is done as expected. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G

[PATCH v1 14/27] x86/percpu: Adapt percpu for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Percpu uses a clever design where the .percpu ELF section has a virtual address of zero and the relocation code avoids relocating specific symbols. It makes the code simple and easily adaptable with or without SMP support. This design is incompatible with PIE because generated code always tries to

[PATCH v1 12/27] x86/paravirt: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
If PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas

[PATCH v1 11/27] x86/power/64: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v1 10/27] x86/boot/64: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Early at boot, the kernel is mapped at a temporary address while preparing the page table. To know the changes needed for the page table with KASLR, the boot code calculates the difference

[PATCH v1 08/27] x86/CPU: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Use the new _ASM_GET_PTR macro instead of the 'mov $symbol, %dst' construct to not have an absolute reference. Position Independent Executable (PIE) support will allow extending the KASLR

[PATCH v1 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v1 07/27] x86: pm-trace - Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change assembly to use the new _ASM_GET_PTR macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v1 06/27] x86/entry/64: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v1 09/27] x86/acpi: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---

[PATCH v1 03/27] x86: Use symbol name in jump table for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[PATCH v1 04/27] x86: Add macro to get symbol address for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Add a new _ASM_GET_PTR macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 13 + 1 file changed, 13 insertions(+) diff

[PATCH v1 00/27] x86: PIE support and option to extend KASLR randomization

2017-10-26 Thread Thomas Garnier via Virtualization
Changes: - patch v1: - Simplify ftrace implementation. - Use gcc mstack-protector-guard-reg=%gs with PIE when possible. - rfc v3: - Use --emit-relocs instead of -pie to reduce dynamic relocation space on mapped memory. It also simplifies the relocation process. - Move the start

[PATCH v1 01/27] x86/crypto: Adapt assembly for PIE support

2017-10-26 Thread Thomas Garnier via Virtualization
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier ---
