From: "H. Peter Anvin" <hpa@zytor.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: "Thomas Garnier" <thgarnie@google.com>,
"Brian Gerst" <brgerst@gmail.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Josh Poimboeuf" <jpoimboe@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Matthias Kaehlcke" <mka@chromium.org>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Juergen Gross" <jgross@suse.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Andy Lutomirski" <luto@kernel.org>,
"Borislav Petkov" <bp@alien8.de>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
"Borislav Petkov" <bp@suse.de>,
"Christian Borntraeger" <borntraeger@de.ibm.com>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
"Len Brown" <len.brown@intel.com>, "Pavel Machek" <pavel@ucw.cz>,
"Tejun Heo" <tj@kernel.org>, "Christoph Lameter" <cl@linux.com>,
"Kees Cook" <keescook@chromium.org>,
Paul.Gortmaker@zytor.com
Subject: Re: [RFC 06/22] kvm: Adapt assembly for PIE support
Date: Wed, 19 Jul 2017 16:47:45 -0700
Message-ID: <201707192348.v6JNm8Rg003916@mail.zytor.com>
In-Reply-To: <CAKv+Gu_0o+PrMAWRSP5Y4R7QO87+zAYf=B=VDF1icqJvWL0PoA@mail.gmail.com>
On July 19, 2017 3:58:07 PM PDT, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>On 19 July 2017 at 23:27, H. Peter Anvin <hpa@zytor.com> wrote:
>> On 07/19/17 08:40, Thomas Garnier wrote:
>>>>
>>>> This doesn't look right. It's accessing a per-cpu variable. The
>>>> per-cpu section is an absolute, zero-based section and not subject to
>>>> relocation.
>>>
>>> PIE does not respect the zero-based section, it tries to have
>>> everything relative. Patch 16/22 also adapts per-cpu to work with PIE
>>> (while keeping the zero absolute design by default).
>>>
>>
>> This is silly. The right thing is for PIE to be explicitly absolute,
>> without (%rip). The use of (%rip) memory references for percpu is just
>> an optimization.
>>
>
>Sadly, there is an issue in binutils that may prevent us from doing
>this as cleanly as we would want.
>
>For historical reasons, bfd.ld emits special symbols like
>__GLOBAL_OFFSET_TABLE__ as absolute symbols with a section index of
>SHN_ABS, even though it is quite obvious that they are relative like
>any other symbol that points into the image. Unfortunately, this means
>that binutils needs to emit R_X86_64_RELATIVE relocations even for
>SHN_ABS symbols, which means we lose the ability to use both absolute
>and relocatable symbols in the same PIE image (unless the reloc tool
>can filter them out).
>
>More info here:
>https://sourceware.org/bugzilla/show_bug.cgi?id=19818
The reloc tool already has the ability to filter symbols.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
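
The kind of symbol filtering discussed in this message, sketched as an added example; it is not code from the thread or from the kernel's reloc tool. The allow-list, the function names and the sample symbol and relocation tables are assumptions constructed for illustration: an absolute (R_X86_64_64) relocation is kept for load-time fixup unless its symbol is SHN_ABS, except for SHN_ABS symbols known to point into the image.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Assumed allow-list: SHN_ABS symbols that nevertheless point into the image. */
static const char *const abs_but_relative[] = { "_GLOBAL_OFFSET_TABLE_" };

static int points_into_image(const char *name)
{
    for (size_t i = 0; i < sizeof(abs_but_relative) / sizeof(*abs_but_relative); i++)
        if (strcmp(name, abs_but_relative[i]) == 0)
            return 1;
    return 0;
}

/* 1: adjust when the image moves; 0: leave alone; -1: type not modelled here. */
int reloc_needs_fixup(const Elf64_Rela *r, const Elf64_Sym *symtab, const char *strtab)
{
    const Elf64_Sym *s = &symtab[ELF64_R_SYM(r->r_info)];

    if (ELF64_R_TYPE(r->r_info) != R_X86_64_64)
        return -1;
    if (s->st_shndx == SHN_ABS)   /* truly absolute unless allow-listed */
        return points_into_image(strtab + s->st_name);
    return 1;                     /* section-relative symbol: moves with the image */
}

/* Constructed sample data (not taken from any real vmlinux). */
static const char sample_strtab[] = "\0_GLOBAL_OFFSET_TABLE_\0percpu_var\0text_sym";
static const Elf64_Sym sample_symtab[] = {
    { 0 },
    { .st_name = 1,  .st_shndx = SHN_ABS },  /* linker-defined, really relative */
    { .st_name = 23, .st_shndx = SHN_ABS },  /* zero-based per-cpu offset */
    { .st_name = 34, .st_shndx = 1 },        /* ordinary symbol in section 1 */
};
static const Elf64_Rela sample_rela[] = {
    { .r_offset = 0x10, .r_info = ELF64_R_INFO(1, R_X86_64_64) },
    { .r_offset = 0x18, .r_info = ELF64_R_INFO(2, R_X86_64_64) },
    { .r_offset = 0x20, .r_info = ELF64_R_INFO(3, R_X86_64_64) },
    { .r_offset = 0x28, .r_info = ELF64_R_INFO(3, R_X86_64_PC32) },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(sample_rela) / sizeof(*sample_rela); i++)
        printf("reloc @%#lx -> %d\n", (unsigned long)sample_rela[i].r_offset,
               reloc_needs_fixup(&sample_rela[i], sample_symtab, sample_strtab));
    return 0;
}
```

A fixup applied to the per-cpu entry would corrupt a zero-based offset, while skipping the allow-listed one would leave a stale address after the image is moved.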