From: Ingo Molnar <mingo@kernel.org>
To: "H. Peter Anvin" <hpa@zytor.com>,
	Kristen Carlson Accardi <kristen@linux.intel.com>
Cc: Hou Wenlong <houwenlong.hwl@antgroup.com>,
	linux-kernel@vger.kernel.org,
	Lai Jiangshan <jiangshan.ljs@antgroup.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"maintainer:X86 ARCHITECTURE 32-BIT AND 64-BIT" <x86@kernel.org>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
	Mike Rapoport <rppt@kernel.org>,
	Pasha Tatashin <pasha.tatashin@soleen.com>
Subject: Re: [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata
Date: Wed, 18 Oct 2023 13:45:40 +0200
Message-ID: <ZS/FZAq6lbxXtBtB@gmail.com>
In-Reply-To: <77B66FD0-ED28-4D3F-8D28-467AC4FCD00D@zytor.com>


* H. Peter Anvin <hpa@zytor.com> wrote:

> If the goal is better KASLR, then what we really should spend time on was 
> Kristen Accardi's fgKASLR patches, which not only exponentially(!) 
> increases the randomization entropy but also *actually* avoids the "one 
> leak and it's over" problem.

Agreed. Going by this version of function-granularity KASLR from 3 years 
ago:

  https://lwn.net/Articles/824307/
  https://lwn.net/ml/linux-kernel/20200623172327.5701-1-kristen@linux.intel.com/

The fgKASLR feature looks entirely viable to me. Back then I presumed it 
would get iterated beyond v3, and then it fell off my radar. :-/

If Kristen or someone else would like to dust this off & submit a fresh 
version it would be much appreciated!

Thanks,

	Ingo


Thread overview: 15+ messages
2023-07-12  3:30 [PATCH RFC 0/7] x86/head/64: Build the head code as PIE Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata Hou Wenlong
2023-10-16 11:57   ` Ingo Molnar
2023-10-17  7:23     ` Hou Wenlong
2023-10-17 13:02       ` Ingo Molnar
2023-10-17 16:34         ` H. Peter Anvin
2023-10-18 11:45           ` Ingo Molnar [this message]
2023-11-10  0:03             ` Josh Poimboeuf
2023-10-18  8:36         ` Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 2/7] x86/head/64: Add missing __head annotation to startup_64_load_idt() Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 3/7] x86/head/64: Move all head code from head64.c into another file Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 4/7] x86/boot/compressed: Adapt sed command if head code is built as PIE Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 5/7] x86/head/64: Build the head code " Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 6/7] x86/sme: Mark code as __head in mem_encrypt_identity.c Hou Wenlong
2023-07-12  3:30 ` [PATCH RFC 7/7] x86/sme: Build the code in mem_encrypt_identity.c as PIE Hou Wenlong
