Re: [Xen-devel] [PATCH v2 00/27] x86: PIE support and option to extend KASLR randomization
- To: Thomas Garnier <thgarnie@xxxxxxxxxx>
- From: Pavel Machek <pavel@xxxxxx>
- Date: Thu, 15 Mar 2018 09:48:36 +0100
- Cc: Kate Stewart <kstewart@xxxxxxxxxxxxxxxxxxx>, Nicolas Pitre <nicolas.pitre@xxxxxxxxxx>, Michal Hocko <mhocko@xxxxxxxx>, Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>, Petr Mladek <pmladek@xxxxxxxx>, Len Brown <len.brown@xxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Christopher Li <sparse@xxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, x86@xxxxxxxxxx, Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, kernel-hardening@xxxxxxxxxxxxxxxxxx, Christoph Lameter <cl@xxxxxxxxx>, Jiri Slaby <jslaby@xxxxxxx>, Alok Kataria <akataria@xxxxxxxxxx>, linux-doc@xxxxxxxxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, Baoquan He <bhe@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Radim Krčmář <rkrcmar@xxxxxxxxxx>, Kyle Huey <me@xxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-sparse@xxxxxxxxxxxxxxx, Matthias Kaehlcke <mka@xxxxxxxxxxxx>, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxx>, virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx, Alexey Dobriyan <adobriyan@xxxxxxxxx>, Matthew Wilcox <mawilcox@xxxxxxxxxxxxx>, linux-crypto@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, Tom Lendacky <thomas.lendacky@xxxxxxx>, Rik van Riel <riel@xxxxxxxxxx>, Jan H . Schönherr <jschoenh@xxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Dou Liyang <douly.fnst@xxxxxxxxxxxxxx>, Daniel Micay <danielmicay@xxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>, Dennis Zhou <dennisszhou@xxxxxxxxx>, Jason Baron <jbaron@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Nicholas Piggin <npiggin@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Josh Poimboeuf <jpoimboe@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ashish Kalra <ashish@xxxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Kyle McMartin <kyle@xxxxxxxxxx>, "Paul E . McKenney" <paulmck@xxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, linux-pm@xxxxxxxxxxxxxxx, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Rafael J . Wysocki" <rjw@xxxxxxxxxxxxx>, Cao jin <caoj.fnst@xxxxxxxxxxxxxx>, Jia Zhang <qianyue.zj@xxxxxxxxxxxxxxx>, "Luis R . Rodriguez" <mcgrof@xxxxxxxxxx>, Lukas Wunner <lukas@xxxxxxxxx>, David Woodhouse <dwmw@xxxxxxxxxxxx>, Rob Landley <rob@xxxxxxxxxxx>, Philippe Ombredanne <pombredanne@xxxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, "David S . Miller" <davem@xxxxxxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>
- Delivery-date: Thu, 15 Mar 2018 08:48:45 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Hi!
> These patches make the changes necessary to build the kernel as a Position
> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
> the top 2G of the virtual address space. It makes it possible to optionally
> extend the KASLR randomization range from 1G to 3G.
Would you explain why PIE code is a good idea?
You are adding less than 2 bits of randomness. The cost is a new config
option, some size and performance impact, and more than 1000 lines of
code...
Is there some grand plan of adding 30 more bits of randomness with a
future patch or something?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html