From: Thomas Garnier <thgarnie@google.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Thomas Garnier <thgarnie@google.com>,
Philippe Ombredanne <pombredanne@nexb.com>,
Kate Stewart <kstewart@linuxfoundation.org>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Yonghong Song <yhs@fb.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Kees Cook <keescook@chromium.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Borislav Petkov <bp@alien8.de>, Borislav Petkov <bp@suse.de>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
Len
Cc: linux-arch@vger.kernel.org, kvm@vger.kernel.org,
linux-pm@vger.kernel.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-sparse@vger.kernel.org, linux-crypto@vger.kernel.org,
kernel-hardening@lists.openwall.com,
xen-devel@lists.xenproject.org
Subject: [PATCH v3 06/27] x86/entry/64: Adapt assembly for PIE support
Date: Wed, 23 May 2018 12:54:00 -0700 [thread overview]
Message-ID: <20180523195421.180248-7-thgarnie@google.com> (raw)
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
Change the assembly code to use only relative references of symbols for the
kernel to be PIE compatible.
Position Independent Executable (PIE) support will allow to extended the
KASLR randomization range below the -2G memory limit.
Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
arch/x86/entry/entry_64.S | 18 ++++++++++++------
arch/x86/kernel/relocate_kernel_64.S | 8 +++-----
2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index c9648b287d7f..8638dca78191 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -191,7 +191,7 @@ ENTRY(entry_SYSCALL_64_trampoline)
* spill RDI and restore it in a second-stage trampoline.
*/
pushq %rdi
- movq $entry_SYSCALL_64_stage2, %rdi
+ movabsq $entry_SYSCALL_64_stage2, %rdi
JMP_NOSPEC %rdi
END(entry_SYSCALL_64_trampoline)
@@ -1279,7 +1279,8 @@ ENTRY(error_entry)
movl %ecx, %eax /* zero extend */
cmpq %rax, RIP+8(%rsp)
je .Lbstep_iret
- cmpq $.Lgs_change, RIP+8(%rsp)
+ leaq .Lgs_change(%rip), %rcx
+ cmpq %rcx, RIP+8(%rsp)
jne .Lerror_entry_done
/*
@@ -1484,10 +1485,10 @@ ENTRY(nmi)
* resume the outer NMI.
*/
- movq $repeat_nmi, %rdx
+ leaq repeat_nmi(%rip), %rdx
cmpq 8(%rsp), %rdx
ja 1f
- movq $end_repeat_nmi, %rdx
+ leaq end_repeat_nmi(%rip), %rdx
cmpq 8(%rsp), %rdx
ja nested_nmi_out
1:
@@ -1541,7 +1542,8 @@ nested_nmi:
pushq %rdx
pushfq
pushq $__KERNEL_CS
- pushq $repeat_nmi
+ leaq repeat_nmi(%rip), %rdx
+ pushq %rdx
/* Put stack back */
addq $(6*8), %rsp
@@ -1580,7 +1582,11 @@ first_nmi:
addq $8, (%rsp) /* Fix up RSP */
pushfq /* RFLAGS */
pushq $__KERNEL_CS /* CS */
- pushq $1f /* RIP */
+ pushq $0 /* Futur return address */
+ pushq %rax /* Save RAX */
+ leaq 1f(%rip), %rax /* RIP */
+ movq %rax, 8(%rsp) /* Put 1f on return address */
+ popq %rax /* Restore RAX */
iretq /* continues at repeat_nmi below */
UNWIND_HINT_IRET_REGS
1:
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index a7227dfe1a2b..0c0fc259a4e2 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -208,11 +208,9 @@ identity_mapped:
movq %rax, %cr3
lea PAGE_SIZE(%r8), %rsp
call swap_pages
- jmp *virtual_mapped_addr(%rip)
-
- /* Absolute value for PIE support */
-virtual_mapped_addr:
- .quad virtual_mapped
+ movabsq $virtual_mapped, %rax
+ pushq %rax
+ ret
virtual_mapped:
movq RSP(%r8), %rsp
--
2.17.0.441.gb46fe60e1d-goog
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-05-23 19:54 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-23 19:53 [PATCH v3 00/27] x86: PIE support and option to extend KASLR randomization Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 01/27] x86/crypto: Adapt assembly for PIE support Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 02/27] x86: Use symbol name on bug table " Thomas Garnier via Virtualization
2018-05-23 19:53 ` [PATCH v3 03/27] x86: Use symbol name in jump " Thomas Garnier
2018-05-23 19:53 ` [PATCH v3 04/27] x86: Add macro to get symbol address " Thomas Garnier
2018-05-23 19:53 ` [PATCH v3 05/27] x86: relocate_kernel - Adapt assembly " Thomas Garnier
2018-05-23 19:54 ` Thomas Garnier [this message]
2018-05-23 19:54 ` [PATCH v3 07/27] x86: pm-trace " Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 08/27] x86/CPU: " Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 09/27] x86/acpi: " Thomas Garnier
2018-05-24 11:03 ` Pavel Machek
2018-05-24 16:35 ` Thomas Garnier
2018-05-25 9:14 ` Pavel Machek
2018-05-25 17:00 ` Thomas Garnier
2018-05-29 12:31 ` Pavel Machek
2018-05-29 15:55 ` Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 10/27] x86/boot/64: " Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 11/27] x86/power/64: " Thomas Garnier
2018-05-24 11:03 ` Pavel Machek
2018-05-24 16:37 ` Thomas Garnier via Virtualization
2018-05-25 9:10 ` Pavel Machek
2018-05-23 19:54 ` [PATCH v3 12/27] x86/paravirt: " Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 14/27] x86/percpu: Adapt percpu for PIE support Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 15/27] compiler: Option to default to hidden symbols Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols Thomas Garnier
2018-05-23 21:16 ` Randy Dunlap
2018-05-23 19:54 ` [PATCH v3 17/27] x86/relocs: Handle PIE relocations Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 18/27] xen: Adapt assembly for PIE support Thomas Garnier
2018-05-24 9:11 ` Juergen Gross
2018-05-23 19:54 ` [PATCH v3 19/27] kvm: " Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 20/27] x86: Support global stack cookie Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 21/27] x86/ftrace: Adapt function tracing for PIE support Thomas Garnier
2018-05-24 11:40 ` Petr Mladek
2018-05-24 20:16 ` Steven Rostedt
2018-05-24 20:41 ` Thomas Garnier via Virtualization
2018-05-29 18:37 ` Thomas Garnier via Virtualization
2018-05-23 19:54 ` [PATCH v3 22/27] x86/modules: Add option to start module section after kernel Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 23/27] x86/modules: Adapt module loading for PIE support Thomas Garnier
2018-05-23 21:26 ` Randy Dunlap
2018-05-23 22:01 ` Thomas Garnier
2018-05-23 23:07 ` Randy Dunlap
2018-05-23 19:54 ` [PATCH v3 24/27] x86/mm: Make the x86 GOT read-only Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 25/27] x86/pie: Add option to build the kernel as PIE Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 26/27] x86/relocs: Add option to generate 64-bit relocations Thomas Garnier
2018-05-23 19:54 ` [PATCH v3 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB Thomas Garnier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180523195421.180248-7-thgarnie@google.com \
--to=thgarnie@google.com \
--cc=acme@redhat.com \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=bp@suse.de \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-sparse@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=pombredanne@nexb.com \
--cc=rjw@rjwysocki.net \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox