From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Thu, 15 Mar 2018 09:48:36 +0100 From: Pavel Machek Subject: Re: [PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization Message-ID: <20180315084836.GA15953@amd> References: <20180313205945.245105-1-thgarnie@google.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE" Content-Disposition: inline In-Reply-To: <20180313205945.245105-1-thgarnie@google.com> To: Thomas Garnier Cc: Herbert Xu , "David S . Miller" , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Peter Zijlstra , Josh Poimboeuf , Greg Kroah-Hartman , Kate Stewart , Arnd Bergmann , Philippe Ombredanne , Arnaldo Carvalho de Melo , Andrey Ryabinin , Matthias Kaehlcke , Kees Cook , Tom Lendacky , "Kirill A . Shutemov" , Andy Lutomirski , Dominik Brodowski , Borislav Petkov , Borislav Petkov , "Rafael J . Wysocki" , Len Brown , Juergen Gross , Alok Kataria , Steven Rostedt , Tejun Heo , Christoph Lameter , Dennis Zhou , Boris Ostrovsky , David Woodhouse , Alexey Dobriyan , "Paul E . McKenney" , Andrew Morton , Nicolas Pitre , Randy Dunlap , "Luis R . Rodriguez" , Christopher Li , Jason Baron , Ashish Kalra , Kyle McMartin , Dou Liyang , Lukas Wunner , Petr Mladek , Sergey Senozhatsky , Masahiro Yamada , Ingo Molnar , Nicholas Piggin , Cao jin , "H . J . Lu" , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Joerg Roedel , Dave Hansen , Rik van Riel , Jia Zhang , Jiri Slaby , Kyle Huey , Jonathan Corbet , Matthew Wilcox , Michal Hocko , Rob Landley , Baoquan He , Daniel Micay , Jan H =?iso-8859-1?Q?=2E_Sch=F6nherr?= , x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, virtualization@lists.linux-foundation.org, xen-devel@lists.xenproject.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com List-ID: --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > These patches make the changes necessary to build the kernel as Position > Independent Executable (PIE) on x86_64. A PIE kernel can be relocated bel= ow > the top 2G of the virtual address space. It allows to optionally extend t= he > KASLR randomization range from 1G to 3G. Would you explain why PIE code is good idea? You are adding less than 2 bits of randomness. Cost is new config option, some size and performance impact, and more than 1000 lines of code... Is there some grand plan of adding 30 more bits of randomness with future patch or something? Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlqqM2QACgkQMOfwapXb+vIPUQCgiwtu3igz+Mea6JgZEWaFBEa4 DdUAn1zcqcTDjpsItrwfFnQZ9XU/fRNQ =OpfY -----END PGP SIGNATURE----- --0OAP2g/MAC+5xKAE-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pavel Machek Subject: Re: [PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization Date: Thu, 15 Mar 2018 09:48:36 +0100 Message-ID: <20180315084836.GA15953@amd> References: <20180313205945.245105-1-thgarnie@google.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2098409007256012406==" Return-path: In-Reply-To: <20180313205945.245105-1-thgarnie@google.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org To: Thomas Garnier Cc: Kate Stewart , Nicolas Pitre , Michal Hocko , Sergey Senozhatsky , Petr Mladek , Len Brown , Peter Zijlstra , Christopher Li , Dave Hansen , x86@kernel.org, Dominik Brodowski , linux-kernel@vger.kernel.org, Masahiro Yamada , "H . Peter Anvin" , kernel-hardening@lists.openwall.com, Christoph Lameter , Jiri Slaby , Alok Kataria , linux-doc@vger.kernel.org, linux-arch@vger.kernel.org, Herbert Xu , Baoquan He , Jonathan Corbet , Boris Ostrovsky , Ra List-Id: linux-arch.vger.kernel.org --===============2098409007256012406== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE" Content-Disposition: inline --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > These patches make the changes necessary to build the kernel as Position > Independent Executable (PIE) on x86_64. A PIE kernel can be relocated bel= ow > the top 2G of the virtual address space. It allows to optionally extend t= he > KASLR randomization range from 1G to 3G. Would you explain why PIE code is good idea? You are adding less than 2 bits of randomness. Cost is new config option, some size and performance impact, and more than 1000 lines of code... Is there some grand plan of adding 30 more bits of randomness with future patch or something? Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlqqM2QACgkQMOfwapXb+vIPUQCgiwtu3igz+Mea6JgZEWaFBEa4 DdUAn1zcqcTDjpsItrwfFnQZ9XU/fRNQ =OpfY -----END PGP SIGNATURE----- --0OAP2g/MAC+5xKAE-- --===============2098409007256012406== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization --===============2098409007256012406==--