From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B66EC31E40 for ; Tue, 6 Aug 2019 15:43:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0FEEA20717 for ; Tue, 6 Aug 2019 15:43:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=alien8.de header.i=@alien8.de header.b="dt2cjv9c" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732395AbfHFPnv (ORCPT ); Tue, 6 Aug 2019 11:43:51 -0400 Received: from mail.skyhub.de ([5.9.137.197]:35336 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728558AbfHFPnu (ORCPT ); Tue, 6 Aug 2019 11:43:50 -0400 Received: from zn.tnic (p200300EC2F0DA00008E04FA4C58F7CE4.dip0.t-ipconnect.de [IPv6:2003:ec:2f0d:a000:8e0:4fa4:c58f:7ce4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 42CB21EC0C42; Tue, 6 Aug 2019 17:43:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1565106228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=TDFDazt6//hwNfwRMzmVKFiu4ldxLz+yMwXDE8Lj5Eo=; b=dt2cjv9ck6Riog7ad+ewdarAX2dM8UrmZhk8qdfxpW8EfZWGjwleuVrU4g1cmXqrcn8Kh+ TWcpA8A1qy+/qbzkXNRCP6wNTc/+TBGiGV3muxnmmGbdGi77lel3IPkl79O3Iqqfn0x3XN 2iqBRrkAzDyyrAqpiKzGnDMqxESTm0c= Date: Tue, 6 Aug 2019 17:43:47 +0200 From: Borislav Petkov To: Thomas Garnier Cc: kernel-hardening@lists.openwall.com, kristen@linux.intel.com, keescook@chromium.org, Herbert Xu , "David S. Miller" , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Andy Lutomirski , Juergen Gross , Thomas Hellstrom , "VMware, Inc." , "Rafael J. Wysocki" , Len Brown , Pavel Machek , Peter Zijlstra , Nadav Amit , Jann Horn , Feng Tang , Maran Wilson , Enrico Weigelt , Allison Randal , Alexios Zavras , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-pm@vger.kernel.org Subject: Re: [PATCH v9 00/11] x86: PIE support to extend KASLR randomization Message-ID: <20190806154347.GD25897@zn.tnic> References: <20190730191303.206365-1-thgarnie@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190730191303.206365-1-thgarnie@chromium.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote: > These patches make some of the changes necessary to build the kernel as > Position Independent Executable (PIE) on x86_64. Another patchset will > add the PIE option and larger architecture changes. Yeah, about this: do we have a longer writeup about the actual benefits of all this and why we should take this all? After all, after looking at the first couple of asm patches, it is posing restrictions to how we deal with virtual addresses in asm (only RIP-relative addressing in 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm willing to bet money that some future unrelated change will break PIE sooner or later. And I'd like to have a better justification why we should enforce those new "rules" unconditionally. Thx. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.