lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Nov 2022 14:33:28 +0100
From:   Petr Pavlu <petr.pavlu@...e.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
        x86@...nel.org, hpa@...or.com, nicolas@...sle.eu,
        masahiroy@...nel.org, kirill.shutemov@...ux.intel.com,
        tony.luck@...el.com, michael.roth@....com, nathan@...nel.org,
        ndesaulniers@...gle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86: Avoid relocation information in final vmlinux

On 11/24/22 13:38, Borislav Petkov wrote:
> On Thu, Nov 24, 2022 at 10:21:33AM +0100, Petr Pavlu wrote:
>> Option CONFIG_RANDOMIZE_BASE=y needs to be enabled. Switching it on should
>> automatically select also CONFIG_X86_NEED_RELOCS=y which is what actually
>> enables use of --emit-relocs in arch/x86/Makefile.
> 
> Yeah, as I said in my previous mail:
> 
> "and before and after .configs simply have RANDOMIZE_BASE =n and =y,
> respectively."
> 
> I just did it again to make sure:
> 
> -rwxr-xr-x 1 boris boris 377666112 Nov 24 13:28 vmlinux.before
> -rwxr-xr-x 1 boris boris 377718768 Nov 24 13:33 vmlinux.after
> 
> With
> 
> $ grep -E "(NEED_RELOCS|RANDOMIZE)" .config
> CONFIG_RANDOMIZE_BASE=y
> CONFIG_X86_NEED_RELOCS=y
> CONFIG_RANDOMIZE_MEMORY=y
> CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
> CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
> CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y
> CONFIG_RANDOMIZE_KSTACK_OFFSET=y
> 
> that second vmlinux file is even a bit larger (~51K) ...

If the before case is with RANDOMIZE_BASE=n and the after case is with
RANDOMIZE_BASE=y then it makes sense the resulting sizes are similar. With
RANDOMIZE_BASE=n, vmlinux is linked without --emit-relocs and so there will be
no relocation sections at all. With RANDOMIZE_BASE=y and my patch, the
sections get created but are stripped eventually. The increased size in the
second case is likely due to the logic to support the relocation process.

The case that the patch improves is with RANDOMIZE_BASE=y. Both the before and
after case need to have this option enabled. Comparison without my patch and
with it should then show that the patch significantly reduces the size of
vmlinux.

Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ