| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5c7490bb-aa74-427b-849e-c28c343b7409@zytor.com>
Date: Fri, 4 Oct 2024 14:06:05 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Ard Biesheuvel <ardb@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org,
x86@...nel.org, Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, Uros Bizjak <ubizjak@...il.com>,
Dennis Zhou <dennis@...nel.org>, Tejun Heo <tj@...nel.org>,
Christoph Lameter <cl@...ux.com>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Juergen Gross <jgross@...e.com>,
Boris Ostrovsky
<boris.ostrovsky@...cle.com>,
Greg Kroah-Hartman
<gregkh@...uxfoundation.org>,
Arnd Bergmann <arnd@...db.de>, Masahiro Yamada <masahiroy@...nel.org>,
Kees Cook <kees@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
Keith Packard <keithp@...thp.com>,
Justin Stitt <justinstitt@...gle.com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Namhyung Kim <namhyung@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Kan Liang <kan.liang@...ux.intel.com>, linux-doc@...r.kernel.org,
linux-pm@...r.kernel.org, kvm@...r.kernel.org,
xen-devel@...ts.xenproject.org, linux-efi@...r.kernel.org,
linux-arch@...r.kernel.org, linux-sparse@...r.kernel.org,
linux-kbuild@...r.kernel.org, linux-perf-users@...r.kernel.org,
rust-for-linux@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [RFC PATCH 25/28] x86: Use PIE codegen for the core kernel
On 10/3/24 04:13, Ard Biesheuvel wrote:
>
>> That said, doing changes like changing "mov $sym" to "lea sym(%rip)" I
>> feel are a complete no-brainer and should be done regardless of any
>> other code generation issues.
>
> Yes, this is the primary reason I ended up looking into this in the
> first place. Earlier this year, we ended up having to introduce
> RIP_REL_REF() to emit those RIP-relative references explicitly, in
> order to prevent the C code that is called via the early 1:1 mapping
> from exploding. The amount of C code called in that manner has been
> growing steadily over time with the introduction of 5-level paging and
> SEV-SNP and TDX support, which need to play all kinds of tricks before
> the normal kernel mappings are created.
>
movq $sym to leaq sym(%rip) which you said ought to be smaller (and in
reality appears to be the same size, 7 bytes) seems like a no-brainer
and can be treated as a code quality issue -- in other words, file bug
reports against gcc and clang.
> Compiling with -fpie and linking with --pie -z text produces an
> executable that is guaranteed to have only RIP-relative references in
> the .text segment, removing the need for RIP_REL_REF entirely (it
> already does nothing when __pic__ is #define'd).
But -fpie has a considerable cost; specifically when we have indexed
references, as in that case the base pointer needs to be manifest in a
register, *and* it takes up a register slot in the EA, which may end
converting one instruction into three.
Now, the "kernel" memory model is defined in the ABI document, but there
is nothing that prevents us from making updates to it if we need to;
e.g. the statement that movq $sym can be used is undesirable, of course.
-hpa
Powered by blists - more mailing lists