* [PATCH v9 07/11] x86/acpi: Adapt assembly for PIE support
From: Thomas Garnier @ 2019-07-30 19:12 UTC (permalink / raw)
To: kernel-hardening
Cc: kristen, keescook, Thomas Garnier, Pavel Machek,
Rafael J . Wysocki, Rafael J. Wysocki, Len Brown,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, H. Peter Anvin,
x86, linux-pm, linux-kernel
Change the assembly code to use only RIP-relative references to symbols, so that the kernel can be built as a Position Independent Executable (PIE).
PIE support will allow the KASLR randomization range to be extended below 0xffffffff80000000.
Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
arch/x86/kernel/acpi/wakeup_64.S | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kernel/acpi/wakeup_64.S b/arch/x86/kernel/acpi/wakeup_64.S
index b0715c3ac18d..3ec6c1b74ad4 100644
--- a/arch/x86/kernel/acpi/wakeup_64.S
+++ b/arch/x86/kernel/acpi/wakeup_64.S
@@ -15,7 +15,7 @@
* Hooray, we are in Long 64-bit mode (but still running in low memory)
*/
ENTRY(wakeup_long64)
- movq saved_magic, %rax
+ movq saved_magic(%rip), %rax
movq $0x123456789abcdef0, %rdx
cmpq %rdx, %rax
jne bogus_64_magic
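Review bot: The header comment `* Hooray, we are in Long 64-bit mode (but still running in low memory)` no longer states the assumption the new `saved_magic(%rip)` load depends on: a RIP-relative access works at whatever address this code executes, provided the mapping the trampoline jumps into keeps the whole kernel image at its linked relative layout, so that `saved_magic` sits at the same offset from `wakeup_long64` as in the image. That is presumably guaranteed by the page tables set up before the jump here, but it is now the invariant worth recording rather than "low memory". Suggest extending the comment with `* Data is reached RIP-relative: the mapping we run in must preserve the kernel image layout.` wakeup_long64 continues past the end of this hunk.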
@@ -26,14 +26,14 @@ ENTRY(wakeup_long64)
movw %ax, %es
movw %ax, %fs
movw %ax, %gs
- movq saved_rsp, %rsp
+ movq saved_rsp(%rip), %rsp
- movq saved_rbx, %rbx
- movq saved_rdi, %rdi
- movq saved_rsi, %rsi
- movq saved_rbp, %rbp
+ movq saved_rbx(%rip), %rbx
+ movq saved_rdi(%rip), %rdi
+ movq saved_rsi(%rip), %rsi
+ movq saved_rbp(%rip), %rbp
- movq saved_rip, %rax
+ movq saved_rip(%rip), %rax
jmp *%rax
ENDPROC(wakeup_long64)
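Review bot: The new `movq saved_rip(%rip), %rax` feeds the indirect `jmp *%rax` directly below it, and no retpoline annotation is visible between the two lines, so the resume path still ends in an unannotated indirect branch whose target is read from writable kernel data. The commit does not change that, but once objtool or a PIE-specific checker is run over this file it will trip on exactly this construct, and a reader should be told why it is tolerated. Suggest `ANNOTATE_RETPOLINE_SAFE` on the line before the jump with a comment such as `/* single-CPU resume path before any other context runs: speculation hardening not needed here */` — assuming that is indeed the case; otherwise `JMP_NOSPEC %rax`. wakeup_long64 begins outside this hunk.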
@@ -46,7 +46,7 @@ ENTRY(do_suspend_lowlevel)
xorl %eax, %eax
call save_processor_state
- movq $saved_context, %rax
+ leaq saved_context(%rip), %rax
movq %rsp, pt_regs_sp(%rax)
movq %rbp, pt_regs_bp(%rax)
movq %rsi, pt_regs_si(%rax)
@@ -65,13 +65,14 @@ ENTRY(do_suspend_lowlevel)
pushfq
popq pt_regs_flags(%rax)
- movq $.Lresume_point, saved_rip(%rip)
+ leaq .Lresume_point(%rip), %rax
+ movq %rax, saved_rip(%rip)
- movq %rsp, saved_rsp
- movq %rbp, saved_rbp
- movq %rbx, saved_rbx
- movq %rdi, saved_rdi
- movq %rsi, saved_rsi
+ movq %rsp, saved_rsp(%rip)
+ movq %rbp, saved_rbp(%rip)
+ movq %rbx, saved_rbx(%rip)
+ movq %rdi, saved_rdi(%rip)
+ movq %rsi, saved_rsi(%rip)
addq $8, %rsp
movl $3, %edi
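Review bot: `leaq .Lresume_point(%rip), %rax` reuses %rax, which up to `popq pt_regs_flags(%rax)` held the `&saved_context` base loaded earlier in do_suspend_lowlevel; that is correct only because the pointer is dead from this point on, and nothing in the hunk says so. The two-instruction form is forced by the ISA — there is no store of a 64-bit or RIP-relative immediate straight to memory — so a comment spares the next reader from re-deriving both facts: `/* no mem-imm64 store form: go through %rax, which is free now (&saved_context no longer needed) */`. do_suspend_lowlevel continues past the end of this hunk, where %rax is presumably cleared before the call that follows — worth confirming.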
@@ -83,7 +84,7 @@ ENTRY(do_suspend_lowlevel)
.align 4
.Lresume_point:
/* We don't restore %rax, it must be 0 anyway */
- movq $saved_context, %rax
+ leaq saved_context(%rip), %rax
movq saved_context_cr4(%rax), %rbx
movq %rbx, %cr4
movq saved_context_cr3(%rax), %rbx
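Review bot: The retained comment `/* We don't restore %rax, it must be 0 anyway */` now sits directly above `leaq saved_context(%rip), %rax`, which immediately overwrites %rax with the saved_context base, so the comment reads as contradicting the next line. What it means is that %rax carries no restored value and serves only as scratch until it is cleared before leaving — presumably further down, past the end of this hunk, so please confirm. Suggest rewording to `/* %rax is scratch (&saved_context) here; it is zeroed before we return rather than restored */`. The .Lresume_point restore sequence continues beyond this hunk.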
--
2.22.0.770.g0f2c4a37fd-goog
* [PATCH v9 09/11] x86/power/64: Adapt assembly for PIE support
From: Thomas Garnier @ 2019-07-30 19:12 UTC (permalink / raw)
To: kernel-hardening
Cc: kristen, keescook, Thomas Garnier, Pavel Machek,
Rafael J . Wysocki, Rafael J. Wysocki, Thomas Gleixner,
Ingo Molnar, Borislav Petkov, H. Peter Anvin, x86, linux-pm,
linux-kernel
Change the assembly code to use only RIP-relative references to symbols, so that the kernel can be built as a Position Independent Executable (PIE).
PIE support will allow the KASLR randomization range to be extended below 0xffffffff80000000.
Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
arch/x86/power/hibernate_asm_64.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/power/hibernate_asm_64.S b/arch/x86/power/hibernate_asm_64.S
index a4d5eb0a7ece..796cd19d575b 100644
--- a/arch/x86/power/hibernate_asm_64.S
+++ b/arch/x86/power/hibernate_asm_64.S
@@ -23,7 +23,7 @@
#include <asm/frame.h>
ENTRY(swsusp_arch_suspend)
- movq $saved_context, %rax
+ leaq saved_context(%rip), %rax
movq %rsp, pt_regs_sp(%rax)
movq %rbp, pt_regs_bp(%rax)
movq %rsi, pt_regs_si(%rax)
@@ -114,7 +114,7 @@ ENTRY(restore_registers)
movq %rax, %cr4; # turn PGE back on
/* We don't restore %rax, it must be 0 anyway */
- movq $saved_context, %rax
+ leaq saved_context(%rip), %rax
movq pt_regs_sp(%rax), %rsp
movq pt_regs_bp(%rax), %rbp
movq pt_regs_si(%rax), %rsi
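Review bot: `leaq saved_context(%rip), %rax` in restore_registers is correct only because this code is entered at the image kernel's own address and runs under the image kernel's mapping, so the RIP-relative reference resolves to the image's saved_context even when the boot and image kernels sit at different KASLR offsets; that invariant deserves a comment here, e.g. `/* runs from the image kernel's mapping: (%rip) references resolve to the image's data */`. The flip side, outside this hunk, is that any part of this file that is copied to and executed from a different page (the relocated restore code, if this file carries it) must stay free of `(%rip)` symbol references — a rule that a later blanket "use RIP-relative everywhere" pass could silently break, so it is worth a comment at that site too. The retained `/* We don't restore %rax, it must be 0 anyway */` also directly precedes the overwrite of %rax and should say that %rax is scratch here and cleared before returning. restore_registers continues past the end of this hunk.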
--
2.22.0.770.g0f2c4a37fd-goog
* Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization
From: Borislav Petkov @ 2019-08-06 15:43 UTC (permalink / raw)
To: Thomas Garnier
Cc: kernel-hardening, kristen, keescook, Herbert Xu, David S. Miller,
Thomas Gleixner, Ingo Molnar, H. Peter Anvin, x86,
Andy Lutomirski, Juergen Gross, Thomas Hellstrom, VMware, Inc.,
Rafael J. Wysocki, Len Brown, Pavel Machek, Peter Zijlstra,
Nadav Amit, Jann Horn, Feng Tang, Maran Wilson, Enrico Weigelt,
Allison Randal, Alexios Zavras, linux-crypto, linux-kernel,
virtualization, linux-pm
On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote:
> These patches make some of the changes necessary to build the kernel as
> Position Independent Executable (PIE) on x86_64. Another patchset will
> add the PIE option and larger architecture changes.
Yeah, about this: do we have a longer writeup about the actual benefits
of all this and why we should take this all? After all, after looking
at the first couple of asm patches, it is posing restrictions to how
we deal with virtual addresses in asm (only RIP-relative addressing in
64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm
willing to bet money that some future unrelated change will break PIE
sooner or later. And I'd like to have a better justification why we
should enforce those new "rules" unconditionally.
Thx.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
* Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization
From: Peter Zijlstra @ 2019-08-06 15:50 UTC (permalink / raw)
To: Borislav Petkov
Cc: Thomas Garnier, kernel-hardening, kristen, keescook, Herbert Xu,
David S. Miller, Thomas Gleixner, Ingo Molnar, H. Peter Anvin,
x86, Andy Lutomirski, Juergen Gross, Thomas Hellstrom, VMware,
Inc.,
Rafael J. Wysocki, Len Brown, Pavel Machek, Nadav Amit,
Jann Horn, Feng Tang, Maran Wilson, Enrico Weigelt,
Allison Randal, Alexios Zavras, linux-crypto, linux-kernel,
virtualization, linux-pm
On Tue, Aug 06, 2019 at 05:43:47PM +0200, Borislav Petkov wrote:
> On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote:
> > These patches make some of the changes necessary to build the kernel as
> > Position Independent Executable (PIE) on x86_64. Another patchset will
> > add the PIE option and larger architecture changes.
>
> Yeah, about this: do we have a longer writeup about the actual benefits
> of all this and why we should take this all? After all, after looking
> at the first couple of asm patches, it is posing restrictions to how
> we deal with virtual addresses in asm (only RIP-relative addressing in
> 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm
> willing to bet money that some future unrelated change will break PIE
> sooner or later.
Possibly objtool can help here; it should be possible to teach it about
these rules, and then it will yell when violated. That should avoid
regressions.
* Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization
From: Thomas Garnier @ 2019-08-29 19:55 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Borislav Petkov, Kernel Hardening, Kristen Carlson Accardi,
Kees Cook, Herbert Xu, David S. Miller, Thomas Gleixner,
Ingo Molnar, H. Peter Anvin, the arch/x86 maintainers,
Andy Lutomirski, Juergen Gross, Thomas Hellstrom, VMware, Inc.,
Rafael J. Wysocki, Len Brown, Pavel Machek, Nadav Amit,
Jann Horn, Feng Tang, Maran Wilson, Enrico Weigelt,
Allison Randal, Alexios Zavras, Linux Crypto Mailing List, LKML,
virtualization, Linux PM list
On Tue, Aug 6, 2019 at 8:51 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Tue, Aug 06, 2019 at 05:43:47PM +0200, Borislav Petkov wrote:
> > On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote:
> > > These patches make some of the changes necessary to build the kernel as
> > > Position Independent Executable (PIE) on x86_64. Another patchset will
> > > add the PIE option and larger architecture changes.
> >
> > Yeah, about this: do we have a longer writeup about the actual benefits
> > of all this and why we should take this all? After all, after looking
> > at the first couple of asm patches, it is posing restrictions to how
> > we deal with virtual addresses in asm (only RIP-relative addressing in
> > 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm
> > willing to bet money that some future unrelated change will break PIE
> > sooner or later.
The goal is being able to extend the range of addresses where the
kernel can be placed with KASLR. I will look at clarifying that in the
future.
>
> Possibly objtool can help here; it should be possible to teach it about
> these rules, and then it will yell when violated. That should avoid
> regressions.
>
I will look into that as well.
* Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization
From: Thomas Garnier @ 2019-09-06 23:22 UTC (permalink / raw)
To: Peter Zijlstra
Cc: Borislav Petkov, Kernel Hardening, Kristen Carlson Accardi,
Kees Cook, Herbert Xu, David S. Miller, Thomas Gleixner,
Ingo Molnar, H. Peter Anvin, the arch/x86 maintainers,
Andy Lutomirski, Juergen Gross, Thomas Hellstrom, VMware, Inc.,
Rafael J. Wysocki, Len Brown, Pavel Machek, Nadav Amit,
Jann Horn, Feng Tang, Maran Wilson, Enrico Weigelt,
Allison Randal, Alexios Zavras, Linux Crypto Mailing List, LKML,
virtualization, Linux PM list
On Thu, Aug 29, 2019 at 12:55 PM Thomas Garnier <thgarnie@chromium.org> wrote:
>
> On Tue, Aug 6, 2019 at 8:51 AM Peter Zijlstra <peterz@infradead.org> wrote:
> >
> > On Tue, Aug 06, 2019 at 05:43:47PM +0200, Borislav Petkov wrote:
> > > On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote:
> > > > These patches make some of the changes necessary to build the kernel as
> > > > Position Independent Executable (PIE) on x86_64. Another patchset will
> > > > add the PIE option and larger architecture changes.
> > >
> > > Yeah, about this: do we have a longer writeup about the actual benefits
> > > of all this and why we should take this all? After all, after looking
> > > at the first couple of asm patches, it is posing restrictions to how
> > > we deal with virtual addresses in asm (only RIP-relative addressing in
> > > 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm
> > > willing to bet money that some future unrelated change will break PIE
> > > sooner or later.
>
> The goal is being able to extend the range of addresses where the
> kernel can be placed with KASLR. I will look at clarifying that in the
> future.
>
> >
> > Possibly objtool can help here; it should be possible to teach it about
> > these rules, and then it will yell when violated. That should avoid
> > regressions.
> >
>
> I will look into that as well.
Following a discussion with Kees, I will explore objtool in the follow-up patchset, since the second set still contains the more elaborate PIE changes. I like the idea overall and I think it would be great if it works.