[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200304092136.GI2596@hirez.programming.kicks-ass.net>
Date: Wed, 4 Mar 2020 10:21:36 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Kees Cook <keescook@...omium.org>
Cc: Kristen Carlson Accardi <kristen@...ux.intel.com>,
Thomas Garnier <thgarnie@...omium.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
"H. Peter Anvin" <hpa@...or.com>,
the arch/x86 maintainers <x86@...nel.org>,
Andy Lutomirski <luto@...nel.org>,
Juergen Gross <jgross@...e.com>,
Thomas Hellstrom <thellstrom@...are.com>,
"VMware, Inc." <pv-drivers@...are.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
Will Deacon <will@...nel.org>,
Ard Biesheuvel <ardb@...nel.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Jiri Slaby <jslaby@...e.cz>,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Cao jin <caoj.fnst@...fujitsu.com>,
Allison Randal <allison@...utok.net>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
virtualization@...ts.linux-foundation.org,
Linux PM list <linux-pm@...r.kernel.org>
Subject: Re: [PATCH v11 00/11] x86: PIE support to extend KASLR randomization
On Tue, Mar 03, 2020 at 01:19:22PM -0800, Kees Cook wrote:
> On Tue, Mar 03, 2020 at 01:01:26PM -0800, Kristen Carlson Accardi wrote:
> > On Tue, 2020-03-03 at 07:43 -0800, Thomas Garnier wrote:
> > > On Tue, Mar 3, 2020 at 1:55 AM Peter Zijlstra <peterz@...radead.org>
> > > > But,... do we still need this in the light of that fine-grained
> > > > kaslr
> > > > stuff?
> > > >
> > > > What is the actual value of this PIE crud in the face of that?
> > >
> > > If I remember well, it makes it easier/better but I haven't seen a
> > > recent update on that. Is that accurate Kees?
> >
> > I believe this patchset is valuable if people are trying to brute force
> > guess the kernel location, but not so awesome in the event of
> > infoleaks. In the case of the current fgkaslr implementation, we only
> > randomize within the existing text segment memory area - so with PIE
> > the text segment base can move around more, but within that it wouldn't
> > strengthen anything. So, if you have an infoleak, you learn the base
> > instantly, and are just left with the same extra protection you get
> > without PIE.
>
> Right -- PIE improves both non- and fg- KASLR similarly, in the sense
> that the possible entropy for base offset is expanded. It also opens the
> door to doing even more crazy things.
So I'm really confused. I see it increases the aslr range, but I'm still
not sure why we care in the face of fgkaslr. Current kaslr is completely
broken because the hardware leaks more bits than we currently have, even
without the kernel itself leaking an address.
But leaking a single address is not a problem with fgkaslr.
> (e.g. why keep the kernel text all
> in one contiguous chunk?)
Dear gawd, please no. Also, we're limited to 2G text, that's just not a
lot of room. I'm really going to object when people propose we introduce
direct PLT for x86.
> And generally speaking, it seems a nice improvement to me, as it gives
> the kernel greater addressing flexibility.
But at what cost; it does unspeakable ugly to the asm. And didn't a
kernel compiled with the extended PIE range produce a measurably slower
kernel due to all the ugly?
So maybe I'm slow, but please spell out the benefit, because I'm not
seeing it.
Powered by blists - more mailing lists