From mboxrd@z Thu Jan  1 00:00:00 1970
From: hjl.tools@gmail.com
Subject: Re: x86: PIE support and option to extend KASLR
	randomization
Date: Sat, 23 Sep 2017 06:19:05 +0800
Message-ID: <59c58c7f.8256ca0a.15939.aa94@mx.google.com>
References: <20170816151235.oamkdva6cwpc4cex@gmail.com>
 <CAJcbSZFM_zpL1av1JVaow8NdsGeH+6oZKeDnMPdXR0PGfynzsg@mail.gmail.com>
 <20170817080920.5ljlkktngw2cisfg@gmail.com>
 <CAJcbSZGbtc-i0X1NiBAvZA7cxpGkwSLKNB7oDNCsFxOCdhkR_g@mail.gmail.com>
 <CAJcbSZGhvwt=5ERtBHLJnwS=6AXBZLTMfrafzeUCqYy=-MKWDg@mail.gmail.com>
 <20170825080443.tvvr6wzs362cjcuu@gmail.com>
 <CAJcbSZFJQMKw21kLwr4QGoSM7DMgKRzzjWxkYBF2c1HciCzvGg@mail.gmail.com>
 <CAJcbSZH6hwaWKrvUZR33ExYaZaWKMSv4tJJA3yZkniLvLbTFMw@mail.gmail.com>
 <20170921155919.skpyt7dutod5ul4t@gmail.com>
 <CAJcbSZHOuxy5BVxD0xJUdQfB-OMgbvfiP-2CJzf52K-7JZAy-A@mail.gmail.com>
 <20170922163225.bfrd5myl6d7deiim@gmail.com>
 <b65e912f-eeb3-5f1e-bb4a-2dffc0b6481e@zytor.com>
 <CAGXu5jKGTYVAKW7yA+ghsb=FYjjfh8MfOiRSEDSw883VN4KUMg@mail.gmail.com>
 <0c04349a-b9f1-5aae-517b-bd057705ae2e@zytor.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6277160620342490886=="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
 by lists.xenproject.org with esmtp (Exim 4.84_2)
 (envelope-from <hjl.tools@gmail.com>) id 1dvWIV-0005Wr-D8
 for xen-devel@lists.xenproject.org; Fri, 22 Sep 2017 22:19:47 +0000
Received: by mail-oi0-f49.google.com with SMTP id 199so422060oii.11
 for <xen-devel@lists.xenproject.org>; Fri, 22 Sep 2017 15:19:45 -0700 (PDT)
In-Reply-To: <0c04349a-b9f1-5aae-517b-bd057705ae2e@zytor.com>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: "H. Peter Anvin" <hpa@zytor.com>, Kees Cook <keescook@chromium.org>
Cc: =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>, Peter Zijlstra <peterz@infradead.org>, Paul Gortmaker <paul.gortmaker@windriver.com>, Pavel Machek <pavel@ucw.cz>, Christoph Lameter <cl@linux.com>, Ingo Molnar <mingo@kernel.org>, Herbert Xu <herbert@gondor.apana.org.au>, Joerg Roedel <joro@8bytes.org>, Matthias Kaehlcke <mka@chromium.org>, Borislav Petkov <bp@suse.de>, Len Brown <len.brown@intel.com>, Arnd Bergmann <arnd@arndb.de>, Brian Gerst <brgerst@gmail.com>, Andy Lutomirski <luto@kernel.org>, Josh Poimboeuf <jpoimboe@redhat.com>Chris, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Ingo Molnar <mingo@redhat.com>, Juergen Gross <jgross@suse.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, "David S . Miller" <davem@davemloft.net>, Thomas Gleixner <tglx@linutronix.de>, Tejun Heo <tj@kernel.org>, Paolo Bonzini <pbonzini@redhat.com>, Tom Lendacky <thomas.lendacky@a>
List-Id: xen-devel@lists.xenproject.org

<cmetcalf@mellanox.com>,Andrew Morton <akpm@linux-foundation.org>,"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,Nicolas Pitre <nicolas.pitre@linaro.org>,Christopher Li <sparse@chrisli.org>,"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,Lukas Wunner <lukas@wunner.de>,Mika Westerberg <mika.westerberg@linux.intel.com>,Dou Liyang <douly.fnst@cn.fujitsu.com>,Daniel Borkmann <daniel@iogearbox.net>,Alexei Starovoitov <ast@kernel.org>,Masahiro Yamada <yamada.masahiro@socionext.com>,Markus Trippelsdorf <markus@trippelsdorf.de>,Steven Rostedt <rostedt@goodmis.org>,Rik van Riel <riel@redhat.com>,David Howells <dhowells@redhat.com>,Waiman Long <longman@redhat.com>,Kyle Huey <me@kylehuey.com>,Peter Foley <pefoley2@pefoley.com>,Tim Chen <tim.c.chen@linux.intel.com>,Catalin Marinas <catalin.marinas
 @arm.com>,Ard Biesheuvel <ard.biesheuvel@linaro.org>,Michal Hocko <mhocko@suse.com>,Matthew Wilcox <mawilcox@microsoft.com>,Paul Bolle <pebolle@tiscali.nl>,Rob Landley <rob@landley.net>,Baoquan He
<bhe@redhat.com>,Daniel Micay <danielmicay@gmail.com>,the arch/x86 maintainers <x86@kernel.org>,Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,LKML <linux-kernel@vger.kernel.org>,xen-devel <xen-devel@lists.xenproject.org>,kvm list <kvm@vger.kernel.org>,Linux PM list <linux-pm@vger.kernel.org>,linux-arch <linux-arch@vger.kernel.org>,Sparse Mailing-list <linux-sparse@vger.kernel.org>,Kernel Hardening <kernel-hardening@lists.openwall.com>,Linus Torvalds <torvalds@linux-foundation.org>,Peter Zijlstra <a.p.zijlstra@chello.nl>,Borislav Petkov <bp@alien8.de>
From: "H.J. Lu" <hjl.tools@gmail.com>
Message-ID: <F0C135AE-A09A-4A32-9A16-A0D4D289654A@gmail.com>

--===============6277160620342490886==
Content-Type: multipart/alternative; boundary="----DCV1E2NVH8OXPCGELC0L4RHZQKF2KC"
Content-Transfer-Encoding: 7bit

<cmetcalf@mellanox.com>,Andrew Morton <akpm@linux-foundation.org>,"Paul E . McKenney" <paulmck@linux.vnet.ibm.com>,Nicolas Pitre <nicolas.pitre@linaro.org>,Christopher Li <sparse@chrisli.org>,"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,Lukas Wunner <lukas@wunner.de>,Mika Westerberg <mika.westerberg@linux.intel.com>,Dou Liyang <douly.fnst@cn.fujitsu.com>,Daniel Borkmann <daniel@iogearbox.net>,Alexei Starovoitov <ast@kernel.org>,Masahiro Yamada <yamada.masahiro@socionext.com>,Markus Trippelsdorf <markus@trippelsdorf.de>,Steven Rostedt <rostedt@goodmis.org>,Rik van Riel <riel@redhat.com>,David Howells <dhowells@redhat.com>,Waiman Long <longman@redhat.com>,Kyle Huey <me@kylehuey.com>,Peter Foley <pefoley2@pefoley.com>,Tim Chen <tim.c.chen@linux.intel.com>,Catalin Marinas <catalin.marinas
 @arm.com>,Ard Biesheuvel <ard.biesheuvel@linaro.org>,Michal Hocko <mhocko@suse.com>,Matthew Wilcox <mawilcox@microsoft.com>,Paul Bolle <pebolle@tiscali.nl>,Rob Landley <rob@landley.net>,Baoquan He
<bhe@redhat.com>,Daniel Micay <danielmicay@gmail.com>,the arch/x86 maintainers <x86@kernel.org>,Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,LKML <linux-kernel@vger.kernel.org>,xen-devel <xen-devel@lists.xenproject.org>,kvm list <kvm@vger.kernel.org>,Linux PM list <linux-pm@vger.kernel.org>,linux-arch <linux-arch@vger.kernel.org>,Sparse Mailing-list <linux-sparse@vger.kernel.org>,Kernel Hardening <kernel-hardening@lists.openwall.com>,Linus Torvalds <torvalds@linux-foundation.org>,Peter Zijlstra <a.p.zijlstra@chello.nl>,Borislav Petkov <bp@alien8.de>
From: "H.J. Lu" <hjl.tools@gmail.com>
Message-ID: <F0C135AE-A09A-4A32-9A16-A0D4D289654A@gmail.com>

------DCV1E2NVH8OXPCGELC0L4RHZQKF2KC
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable



On September 23, 2017 3:06:16 AM GMT+08:00, "H=2E Peter Anvin" <hpa@zytor=
=2Ecom> wrote:
>On 09/22/17 11:57, Kees Cook wrote:
>> On Fri, Sep 22, 2017 at 11:38 AM, H=2E Peter Anvin <hpa@zytor=2Ecom>
>wrote:
>>> We lose EBX on 32 bits, but we don't lose RBX on 64 bits - since
>x86-64
>>> has RIP-relative addressing there is no need for a dedicated PIC
>register=2E
>>=20
>> FWIW, since gcc 5, the PIC register isn't totally lost=2E It is now
>> reusable, and that seems to have improved performance:
>> https://gcc=2Egnu=2Eorg/gcc-5/changes=2Ehtml
>
>It still talks about a PIC register on x86-64, which confuses me=2E
>Perhaps older gcc's would allocate a PIC register under certain
>circumstances, and then lose it for the entire function?
>
>For i386, the PIC register is required by the ABI to be %ebx at the
>point any PLT entry is called=2E  Not an issue with -mno-plt which goes
>straight to the GOT, although in most cases there needs to be a PIC
>register to find the GOT unless load-time relocation is permitted=2E
>
>	-hpa

We need a static PIE option so that compiler can optimize it
without using hidden visibility=2E

H=2EJ=2E
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
------DCV1E2NVH8OXPCGELC0L4RHZQKF2KC
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body><br><br><div class=3D"gmail_quote">On September 23=
, 2017 3:06:16 AM GMT+08:00, &quot;H=2E Peter Anvin&quot; &lt;hpa@zytor=2Ec=
om&gt; wrote:<blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt=
 0=2E8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class=3D"k9mail">On 09/22/17 11:57, Kees Cook wrote:<br /><blockquote=
 class=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1=
px solid #729fcf; padding-left: 1ex;"> On Fri, Sep 22, 2017 at 11:38 AM, H=
=2E Peter Anvin &lt;hpa@zytor=2Ecom&gt; wrote:<br /><blockquote class=3D"gm=
ail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px solid #ad=
7fa8; padding-left: 1ex;"> We lose EBX on 32 bits, but we don't lose RBX on=
 64 bits - since x86-64<br /> has RIP-relative addressing there is no need =
for a dedicated PIC register=2E<br /></blockquote> <br /> FWIW, since gcc 5=
, the PIC register isn't totally lost=2E It is now<br /> reusable, and that=
 seems to have improved performance:<br /> <a href=3D"https://gcc=2Egnu=2Eo=
rg/gcc-5/changes=2Ehtml">https://gcc=2Egnu=2Eorg/gcc-5/changes=2Ehtml</a><b=
r /></blockquote><br />It still talks about a PIC register on x86-64, which=
 confuses me=2E<br />Perhaps older gcc's would allocate a PIC register unde=
r certain<br />circumstances, and then lose it for the entire function?<br =
/><br />For i386, the PIC register is required by the ABI to be %ebx at the=
<br />point any PLT entry is called=2E  Not an issue with -mno-plt which go=
es<br />straight to the GOT, although in most cases there needs to be a PIC=
<br />register to find the GOT unless load-time relocation is permitted=2E<=
br /><br /> -hpa<br /><br /></pre></blockquote></div><br>
We need a static PIE option so that compiler can optimize it<br>
without using hidden visibility=2E<br>
<br>
H=2EJ=2E<br>
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</=
body></html>
------DCV1E2NVH8OXPCGELC0L4RHZQKF2KC--


--===============6277160620342490886==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs
IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5v
cmcveGVuLWRldmVsCg==

--===============6277160620342490886==--