From mboxrd@z Thu Jan  1 00:00:00 1970
From: Markus Trippelsdorf <markus@trippelsdorf.de>
Subject: Re: x86: PIE support and option to extend KASLR
	randomization
Date: Fri, 22 Sep 2017 06:24:44 +0200
Message-ID: <20170922042444.GA235@x4>
References: <CAJcbSZFM_zpL1av1JVaow8NdsGeH+6oZKeDnMPdXR0PGfynzsg@mail.gmail.com>
 <20170817080920.5ljlkktngw2cisfg@gmail.com>
 <CAJcbSZGbtc-i0X1NiBAvZA7cxpGkwSLKNB7oDNCsFxOCdhkR_g@mail.gmail.com>
 <CAJcbSZGhvwt=5ERtBHLJnwS=6AXBZLTMfrafzeUCqYy=-MKWDg@mail.gmail.com>
 <20170825080443.tvvr6wzs362cjcuu@gmail.com>
 <CAJcbSZFJQMKw21kLwr4QGoSM7DMgKRzzjWxkYBF2c1HciCzvGg@mail.gmail.com>
 <CAJcbSZH6hwaWKrvUZR33ExYaZaWKMSv4tJJA3yZkniLvLbTFMw@mail.gmail.com>
 <20170921155919.skpyt7dutod5ul4t@gmail.com>
 <CAKv+Gu8Uw18pW9nK8aVdBoyuybAV6_mhtagVrje_cBUHMGY4WA@mail.gmail.com>
 <CAJcbSZGAsXwMNWnZUs28-3f--ssUYh75XW+aoQztPFYe0j52yQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Cc: Nicolas Pitre <nicolas.pitre@linaro.org>,
 Peter Zijlstra <a.p.zijlstra@chello.nl>, Michal Hocko <mhocko@suse.com>,
 Len Brown <len.brown@intel.com>,
 Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
 Peter Zijlstra <peterz@infradead.org>,
 Catalin Marinas <catalin.marinas@arm.com>, Christopher Li <sparse@chrisli.org>,
 Alexei Starovoitov <ast@kernel.org>, David Howells <dhowells@redhat.com>,
 Paul Gortmaker <paul.gortmaker@windriver.com>, Pavel Machek <pavel@ucw.cz>,
 "H . Peter Anvin" <hpa@zytor.com>,
 Kernel Hardening <kernel-hardening@lists.openwall.com>,
 Christoph Lameter <cl@linux.com>, Ingo Molnar <mingo@kernel.org>,
 Kees Cook <keescook@chromium.org>, the arch/x86 maintainers <x86@kernel.org>,
 Herbert Xu <herbert@gondor.apana.org.au>,
 Daniel Borkmann <daniel@iogearbox.net>,
 Matthew Wilcox <mawilcox@microsoft.com>, Peter Foley <pefoley2@pefoley.com>,
 Joerg Roedel <jor
To: Thomas Garnier <thgarnie@google.com>
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <CAJcbSZGAsXwMNWnZUs28-3f--ssUYh75XW+aoQztPFYe0j52yQ@mail.gmail.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
List-Id: linux-crypto.vger.kernel.org

T24gMjAxNy4wOS4yMSBhdCAxNDoyMSAtMDcwMCwgVGhvbWFzIEdhcm5pZXIgd3JvdGU6Cj4gT24g
VGh1LCBTZXAgMjEsIDIwMTcgYXQgOToxMCBBTSwgQXJkIEJpZXNoZXV2ZWwKPiA8YXJkLmJpZXNo
ZXV2ZWxAbGluYXJvLm9yZz4gd3JvdGU6Cj4gPgo+ID4gT24gMjEgU2VwdGVtYmVyIDIwMTcgYXQg
MDg6NTksIEluZ28gTW9sbmFyIDxtaW5nb0BrZXJuZWwub3JnPiB3cm90ZToKPiA+ID4KPiA+ID4g
KCBTb3JyeSBhYm91dCB0aGUgZGVsYXkgaW4gYW5zd2VyaW5nIHRoaXMuIEkgY291bGQgYmxhbWUg
dGhlIGRlbGF5IG9uIHRoZSBtZXJnZQo+ID4gPiAgIHdpbmRvdywgYnV0IGluIHJlYWxpdHkgSSd2
ZSBiZWVuIHByb2NyYXN0aW5hdGluZyB0aGlzIGlzIGR1ZSB0byB0aGUgcGVybWFuZW50LAo+ID4g
PiAgIG5vbi10cml2aWFsIGltcGFjdCBQSUUgaGFzIG9uIGdlbmVyYXRlZCBDIGNvZGUuICkKPiA+
ID4KPiA+ID4gKiBUaG9tYXMgR2FybmllciA8dGhnYXJuaWVAZ29vZ2xlLmNvbT4gd3JvdGU6Cj4g
PiA+Cj4gPiA+PiAxKSBQSUUgc29tZXRpbWUgbmVlZHMgdHdvIGluc3RydWN0aW9ucyB0byByZXBy
ZXNlbnQgYSBzaW5nbGUKPiA+ID4+IGluc3RydWN0aW9uIG9uIG1jbW9kZWw9a2VybmVsLgo+ID4g
Pgo+ID4gPiBXaGF0IGFnYWluIGlzIHRoZSB0eXBpY2FsIGZyZXF1ZW5jeSBvZiB0aGlzIG9jY3Vy
cmluZyBpbiBhbiB4ODYtNjQgZGVmY29uZmlnCj4gPiA+IGtlcm5lbCwgd2l0aCB0aGUgdmVyeSBs
YXRlc3QgR0NDPwo+ID4gPgo+ID4gPiBBbHNvLCB0byBtYWtlIHN1cmU6IHdoaWNoIHVud2luZGVy
IGRpZCB5b3UgdXNlIGZvciB5b3VyIG1lYXN1cmVtZW50cywKPiA+ID4gZnJhbWUtcG9pbnRlcnMg
b3IgT1JDPyBQbGVhc2UgdXNlIE9SQyBvbmx5IGZvciBmdXR1cmUgbnVtYmVycywgYXMKPiA+ID4g
ZnJhbWUtcG9pbnRlcnMgaXMgb2Jzb2xldGUgZnJvbSBhIHBlcmZvcm1hbmNlIG1lYXN1cmVtZW50
IFBPVi4KPiA+ID4KPiA+ID4+IDIpIEdDQyBkb2VzIG5vdCBvcHRpbWl6ZSBzd2l0Y2hlcyBpbiBQ
SUUgaW4gb3JkZXIgdG8gcmVkdWNlIHJlbG9jYXRpb25zOgo+ID4gPgo+ID4gPiBIb3BlZnVsbHkg
dGhpcyBjYW4gZWl0aGVyIGJlIGZpeGVkIGluIEdDQyBvciBhdCBsZWFzdCBpbmZsdWVuY2VkIHZp
YSBhIGNvbXBpbGVyCj4gPiA+IHN3aXRjaCBpbiB0aGUgZnV0dXJlLgo+ID4gPgo+ID4KPiA+IFRo
ZXJlIGFyZSBzb21ld2hhdCByZWxhdGVkIGNvbmNlcm5zIGluIHRoZSBBUk0gd29ybGQsIHNvIGl0
IHdvdWxkIGJlCj4gPiBnb29kIGlmIHdlIGNvdWxkIHdvcmsgd2l0aCB0aGUgR0NDIGRldmVsb3Bl
cnMgdG8gZ2V0IGEgbW9yZSBoaWdoIGxldmVsCj4gPiBhbmQgYXJjaCBuZXV0cmFsIGNvbW1hbmQg
bGluZSBvcHRpb24gKC1ta2VybmVsLXBpZT8gc291bmRzIHl1bW15ISkKPiA+IHRoYXQgc3RvcHMg
dGhlIGNvbXBpbGVyIGZyb20gbWFraW5nIGluZmVyZW5jZXMgdGhhdCBvbmx5IGhvbGQgZm9yCj4g
PiBzaGFyZWQgbGlicmFyaWVzIGFuZC9vciBvdGhlciBob3N0ZWQgZXhlY3V0YWJsZXMgKEdPVCBp
bmRpcmVjdGlvbnMsCj4gPiBhdm9pZGluZyB0ZXh0IHJlbG9jYXRpb25zIGV0YykuIFRoYXQgd2F5
LCB3ZSB3aWxsIGFsc28gYmUgYWJsZSB0byBkcm9wCj4gPiB0aGUgJ2hpZGRlbicgdmlzaWJpbGl0
eSBvdmVycmlkZSBhdCBzb21lIHBvaW50LCB3aGljaCB3ZSBjdXJyZW50bHkKPiA+IG5lZWQgdG8g
cHJldmVudCB0aGUgY29tcGlsZXIgZnJvbSByZWRpcmVjdGluZyBhbGwgZ2xvYmFsIHN5bWJvbAo+
ID4gcmVmZXJlbmNlcyB2aWEgZW50cmllcyBpbiB0aGUgR09ULgo+IAo+IE15IHBsYW4gd2FzIHRv
IGFkZCBhIC1tdGxzLXJlZz08ZnN8Z3M+IHRvIHN3aXRjaCB0aGUgZGVmYXVsdCBzZWdtZW50Cj4g
cmVnaXN0ZXIgZm9yIHN0YWNrIGNvb2tpZXMgYnV0IEkgY2FuIHNlZSBncmVhdCBiZW5lZml0cyBp
biBoYXZpbmcgYQo+IG1vcmUgZ2VuZXJhbCBrZXJuZWwgZmxhZyB0aGF0IHdvdWxkIGFsbG93IHRv
IGdldCByaWQgb2YgdGhlIEdPVCBhbmQKPiBQTFQgd2hlbiB5b3UgYXJlIGJ1aWxkaW5nIHBvc2l0
aW9uIGluZGVwZW5kZW50IGNvZGUgZm9yIHRoZSBrZXJuZWwuIEl0Cj4gY291bGQgYWxzbyBpbmNs
dWRlIG9wdGltaXphdGlvbnMgbGlrZSBmb2xkaW5nIHN3aXRjaCB0YWJsZXMgZXRjLi4uCj4gCj4g
U2hvdWxkIHdlIHN0YXJ0IGEgc2VwYXJhdGUgZGlzY3Vzc2lvbiBvbiB0aGF0PyBBbnlvbmUgdGhh
dCB3b3VsZCBiZQo+IG1vcmUgZXhwZXJpZW5jZWQgdGhhbiBJIHRvIHB1c2ggdGhhdCB0byBnY2Mg
JiBjbGFuZyB1cHN0cmVhbT8KCkp1c3Qgb3BlbiBhIGdjYyBidWcuIFNlZQpodHRwczovL2djYy5n
bnUub3JnL2J1Z3ppbGxhL3Nob3dfYnVnLmNnaT9pZD04MTcwOCBhcyBhbiBleGFtcGxlLgoKLS0g
Ck1hcmt1cwoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18K
WGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xp
c3RzLnhlbi5vcmcveGVuLWRldmVsCg==

From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Fri, 22 Sep 2017 06:24:44 +0200
From: Markus Trippelsdorf <markus@trippelsdorf.de>
Message-ID: <20170922042444.GA235@x4>
References: <CAJcbSZFM_zpL1av1JVaow8NdsGeH+6oZKeDnMPdXR0PGfynzsg@mail.gmail.com>
 <20170817080920.5ljlkktngw2cisfg@gmail.com>
 <CAJcbSZGbtc-i0X1NiBAvZA7cxpGkwSLKNB7oDNCsFxOCdhkR_g@mail.gmail.com>
 <CAJcbSZGhvwt=5ERtBHLJnwS=6AXBZLTMfrafzeUCqYy=-MKWDg@mail.gmail.com>
 <20170825080443.tvvr6wzs362cjcuu@gmail.com>
 <CAJcbSZFJQMKw21kLwr4QGoSM7DMgKRzzjWxkYBF2c1HciCzvGg@mail.gmail.com>
 <CAJcbSZH6hwaWKrvUZR33ExYaZaWKMSv4tJJA3yZkniLvLbTFMw@mail.gmail.com>
 <20170921155919.skpyt7dutod5ul4t@gmail.com>
 <CAKv+Gu8Uw18pW9nK8aVdBoyuybAV6_mhtagVrje_cBUHMGY4WA@mail.gmail.com>
 <CAJcbSZGAsXwMNWnZUs28-3f--ssUYh75XW+aoQztPFYe0j52yQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAJcbSZGAsXwMNWnZUs28-3f--ssUYh75XW+aoQztPFYe0j52yQ@mail.gmail.com>
Subject: [kernel-hardening] Re: x86: PIE support and option to extend KASLR randomization
To: Thomas Garnier <thgarnie@google.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, Ingo Molnar <mingo@kernel.org>, Herbert Xu <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>, Peter Zijlstra <peterz@infradead.org>, Josh Poimboeuf <jpoimboe@redhat.com>, Arnd Bergmann <arnd@arndb.de>, Matthias Kaehlcke <mka@chromium.org>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Juergen Gross <jgross@suse.com>, Paolo Bonzini <pbonzini@redhat.com>, Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>, Joerg Roedel <joro@8bytes.org>, Tom Lendacky <thomas.lendacky@amd.com>, Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@suse.de>, Brian Gerst <brgerst@gmail.com>, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>, Tejun Heo <tj@kernel.org>, Christoph Lameter <cl@linux.com>, Paul Gortmaker <paul.gortmaker@windriver.com>, Chris Metcalf <cmetcalf@mellanox.com>, Andrew Morton <akpm@linux-foundation.org>, "Paul E . McKenney" <paulmck@linux.vnet.ibm.com>, Nicolas Pitre <nicolas.pitre@linaro.org>, Christopher Li <sparse@chrisli.org>, "Rafael J . Wysocki" <rafael.j.wysocki@intel.com>, Lukas Wunner <lukas@wunner.de>, Mika Westerberg <mika.westerberg@linux.intel.com>, Dou Liyang <douly.fnst@cn.fujitsu.com>, Daniel Borkmann <daniel@iogearbox.net>, Alexei Starovoitov <ast@kernel.org>, Masahiro Yamada <yamada.masahiro@socionext.com>, Steven Rostedt <rostedt@goodmis.org>, Kees Cook <keescook@chromium.org>, Rik van Riel <riel@redhat.com>, David Howells <dhowells@redhat.com>, Waiman Long <longman@redhat.com>, Kyle Huey <me@kylehuey.com>, Peter Foley <pefoley2@pefoley.com>, Tim Chen <tim.c.chen@linux.intel.com>, Catalin Marinas <catalin.marinas@arm.com>, Michal Hocko <mhocko@suse.com>, Matthew Wilcox <mawilcox@microsoft.com>, "H . J . Lu" <hjl.tools@gmail.com>, Paul Bolle <pebolle@tiscali.nl>, Rob Landley <rob@landley.net>, Baoquan He <bhe@redhat.com>, Daniel Micay <danielmicay@gmail.com>, the arch/x86 maintainers <x86@kernel.org>, Linux Crypto Mailing List <linux-crypto@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>, xen-devel <xen-devel@lists.xenproject.org>, kvm list <kvm@vger.kernel.org>, Linux PM list <linux-pm@vger.kernel.org>, linux-arch <linux-arch@vger.kernel.org>, Sparse Mailing-list <linux-sparse@vger.kernel.org>, Kernel Hardening <kernel-hardening@lists.openwall.com>, Linus Torvalds <torvalds@linux-foundation.org>, Peter Zijlstra <a.p.zijlstra@chello.nl>, Borislav Petkov <bp@alien8.de>
List-ID: <kernel-hardening.lists.openwall.com>

On 2017.09.21 at 14:21 -0700, Thomas Garnier wrote:
> On Thu, Sep 21, 2017 at 9:10 AM, Ard Biesheuvel
> <ard.biesheuvel@linaro.org> wrote:
> >
> > On 21 September 2017 at 08:59, Ingo Molnar <mingo@kernel.org> wrote:
> > >
> > > ( Sorry about the delay in answering this. I could blame the delay on the merge
> > >   window, but in reality I've been procrastinating this is due to the permanent,
> > >   non-trivial impact PIE has on generated C code. )
> > >
> > > * Thomas Garnier <thgarnie@google.com> wrote:
> > >
> > >> 1) PIE sometime needs two instructions to represent a single
> > >> instruction on mcmodel=kernel.
> > >
> > > What again is the typical frequency of this occurring in an x86-64 defconfig
> > > kernel, with the very latest GCC?
> > >
> > > Also, to make sure: which unwinder did you use for your measurements,
> > > frame-pointers or ORC? Please use ORC only for future numbers, as
> > > frame-pointers is obsolete from a performance measurement POV.
> > >
> > >> 2) GCC does not optimize switches in PIE in order to reduce relocations:
> > >
> > > Hopefully this can either be fixed in GCC or at least influenced via a compiler
> > > switch in the future.
> > >
> >
> > There are somewhat related concerns in the ARM world, so it would be
> > good if we could work with the GCC developers to get a more high level
> > and arch neutral command line option (-mkernel-pie? sounds yummy!)
> > that stops the compiler from making inferences that only hold for
> > shared libraries and/or other hosted executables (GOT indirections,
> > avoiding text relocations etc). That way, we will also be able to drop
> > the 'hidden' visibility override at some point, which we currently
> > need to prevent the compiler from redirecting all global symbol
> > references via entries in the GOT.
> 
> My plan was to add a -mtls-reg=<fs|gs> to switch the default segment
> register for stack cookies but I can see great benefits in having a
> more general kernel flag that would allow to get rid of the GOT and
> PLT when you are building position independent code for the kernel. It
> could also include optimizations like folding switch tables etc...
> 
> Should we start a separate discussion on that? Anyone that would be
> more experienced than I to push that to gcc & clang upstream?

Just open a gcc bug. See
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81708 as an example.

-- 
Markus