Re: [Xen-devel] [PATCH v2 3/3] x86: Make the GDT remapping read-only on 64 bit

2017-02-06 Thread Thomas Garnier
On Wed, Feb 1, 2017 at 9:14 PM, Andy Lutomirski <l...@kernel.org> wrote: > On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier <thgar...@google.com> wrote: >> This patch makes the GDT remapped pages read-only to prevent corruption. >> This change is done only on 64 bit.

[Xen-devel] [PATCH v2 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-01-26 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170125 --- arch/x86/include/asm/fixmap.h | 8 arch/x86/include/asm/pgtable_64_types.h | 3 --- arch/x86/

[Xen-devel] [PATCH v2 3/3] x86: Make the GDT remapping read-only on 64 bit

2017-01-26 Thread Thomas Garnier
the original GDT. Instead of reloading the previous GDT, VMX will reload the fixmap GDT as expected. For testing, VMs were started and restored on multiple configurations. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170125 --- arch/x86/include/asm/desc.h

[Xen-devel] [PATCH v2 2/3] x86: Remap GDT tables in the Fixmap section

2017-01-26 Thread Thomas Garnier
. For hibernation, the main processor returns with the original GDT and switches back to the remapping at completion. This patch was tested on both architectures. Hibernation and KVM were both tested specially for their usage of the GDT. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

Re: [Xen-devel] [PATCH v2 2/3] x86: Remap GDT tables in the Fixmap section

2017-01-26 Thread Thomas Garnier
On Thu, Jan 26, 2017 at 10:52 AM, Andy Lutomirski <l...@amacapital.net> wrote: > On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier <thgar...@google.com> wrote: >> Each processor holds a GDT in its per-cpu structure. The sgdt >> instruction gives the base address of the cu

Re: [Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-20 Thread Thomas Garnier
On Mon, Feb 20, 2017 at 8:56 AM, Andy Lutomirski <l...@amacapital.net> wrote: > On Fri, Feb 17, 2017 at 2:01 PM, Thomas Garnier <thgar...@google.com> wrote: >> On Fri, Feb 17, 2017 at 1:00 PM, Jim Mattson <jmatt...@google.com> wrote: >>> On Fri, Feb 17, 201

Re: [Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-20 Thread Thomas Garnier
On Mon, Feb 20, 2017 at 9:28 AM, Thomas Garnier <thgar...@google.com> wrote: > On Mon, Feb 20, 2017 at 8:56 AM, Andy Lutomirski <l...@amacapital.net> wrote: >> On Fri, Feb 17, 2017 at 2:01 PM, Thomas Garnier <thgar...@google.com> wrote: >>> On Fri, Feb 17,

Re: [Xen-devel] [PATCH v4 1/4] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-02-17 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 Fixed fixmap dependencies on random configurations. --- Documentation/x86/x86_64/mm.txt | 5 - arch/x86/inclu

Re: [Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-17 Thread Thomas Garnier
On Fri, Feb 17, 2017 at 1:00 PM, Jim Mattson <jmatt...@google.com> wrote: > On Fri, Feb 17, 2017 at 12:11 PM, Thomas Garnier <thgar...@google.com> wrote: >> On Fri, Feb 17, 2017 at 9:49 AM, Jim Mattson <jmatt...@google.com> wrote: >>> >>> Can

Re: [Xen-devel] [PATCH v4 1/4] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-02-17 Thread Thomas Garnier
6/core kvm/linux-next tip/auto-latest v4.9-rc8 > v4.9-rc7 v4.9-rc6] > [if your patch is applied to the wrong git tree, please drop us a note to > help improve the system] > > url:https://github.com/0day-ci/linux/commits/Thomas-Garnier/ > x86-mm-Adapt-MODULES_END-based-on-Fixma

Re: [Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-17 Thread Thomas Garnier
y GDT but I think doesn't matter one or the other here. We have to check specific types for LDT or TSS, other values describe other entries (cf Intel volume 3, 3.5) (for example 14 & 15 on 64-bits are for trap & interrupt gates). > > > On Tue, Feb 14, 2017 at 11:42 AM, Thomas

[Xen-devel] [PATCH v4 3/4] x86: Make the GDT remapping read-only on 64-bit

2017-02-16 Thread Thomas Garnier
the original GDT. Instead of reloading the previous GDT, VMX will reload the fixmap GDT as expected. For testing, VMs were started and restored on multiple configurations. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- arch/x86/include/asm/desc.h

[Xen-devel] [PATCH v3 3/4] x86: Make the GDT remapping read-only on 64-bit

2017-02-14 Thread Thomas Garnier
the original GDT. Instead of reloading the previous GDT, VMX will reload the fixmap GDT as expected. For testing, VMs were started and restored on multiple configurations. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- arch/x86/include/asm/desc.h

[Xen-devel] [PATCH v3 1/4] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-02-14 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- arch/x86/include/asm/fixmap.h | 8 arch/x86/include/asm/pgtable_64_types.h | 3 --- arch/x86/

[Xen-devel] [PATCH v3 2/4] x86: Remap GDT tables in the Fixmap section

2017-02-14 Thread Thomas Garnier
. For hibernation, the main processor returns with the original GDT and switches back to the remapping at completion. This patch was tested on both architectures. Hibernation and KVM were both tested specially for their usage of the GDT. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-14 Thread Thomas Garnier
The KVM segment_base function is confusing. This patch replaces integers with appropriate flags, simplifies constructs and adds comments. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- arch/x86/kvm/vmx.c | 26 ++ 1 file chang

Re: [Xen-devel] [PATCH v3 4/4] KVM: VMX: Simplify segment_base

2017-02-15 Thread Thomas Garnier
On Tue, Feb 14, 2017 at 7:57 PM, Andy Lutomirski <l...@amacapital.net> wrote: > On Tue, Feb 14, 2017 at 11:42 AM, Thomas Garnier <thgar...@google.com> wrote: >> The KVM segment_base function is confusing. This patch replaces integers >> with appropriate flags, simplify

Re: [Xen-devel] [PATCH v3 1/4] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-02-15 Thread Thomas Garnier
On Wed, Feb 15, 2017 at 5:58 AM, Borislav Petkov <b...@suse.de> wrote: > > On Tue, Feb 14, 2017 at 11:42:56AM -0800, Thomas Garnier wrote: > > This patch aligns MODULES_END to the beginning of the Fixmap section. > > It optimizes the space available for both sections

Re: [Xen-devel] [PATCH v3 2/4] x86: Remap GDT tables in the Fixmap section

2017-02-15 Thread Thomas Garnier
On Wed, Feb 15, 2017 at 7:37 AM, Boris Ostrovsky <boris.ostrov...@oracle.com> wrote: > On 02/14/2017 02:42 PM, Thomas Garnier wrote: >> diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c >> index 0dee6f59ea82..6399bab936cd 100644 >> --- a/arch/x86/xen/smp.c

[Xen-devel] [PATCH v4 1/4] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-02-16 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- Documentation/x86/x86_64/mm.txt | 5 - arch/x86/include/asm/pgtable_64_types.h | 3 ++- 2 files chan

[Xen-devel] [PATCH v4 2/4] x86: Remap GDT tables in the Fixmap section

2017-02-16 Thread Thomas Garnier
. For hibernation, the main processor returns with the original GDT and switches back to the remapping at completion. This patch was tested on both architectures. Hibernation and KVM were both tested specially for their usage of the GDT. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [PATCH v4 4/4] KVM: VMX: Simplify segment_base

2017-02-16 Thread Thomas Garnier
The KVM segment_base function is confusing. This patch replaces integers with appropriate flags, simplifies constructs and adds comments. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170213 --- arch/x86/kvm/vmx.c | 30 -- 1 file chang

Re: [Xen-devel] [PATCH v7 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-03-16 Thread Thomas Garnier
l to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170308 --- Documentation/x86/x86_64/mm.txt | 5 - arch/x86/include/asm/pgtable_64.h | 1 + arch/x86/include/asm/pgtable_64_types.h | 3 ++- 3 files changed, 7 insertio

Re: [Xen-devel] [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit

2017-03-14 Thread Thomas Garnier
On Tue, Mar 14, 2017 at 2:04 PM, Pavel Machek <pa...@ucw.cz> wrote: > On Tue 2017-03-14 10:05:08, Thomas Garnier wrote: >> This patch makes the GDT remapped pages read-only to prevent corruption. >> This change is done only on 64-bit. >> >> The native_load_tr_desc

Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section

2017-03-09 Thread Thomas Garnier
On Thu, Mar 9, 2017 at 1:46 PM, Andy Lutomirski <l...@amacapital.net> wrote: > On Thu, Mar 9, 2017 at 1:43 PM, Andrew Cooper <andrew.coop...@citrix.com> > wrote: >> On 09/03/2017 21:32, Andy Lutomirski wrote: >>> On Mon, Mar 6, 2017 at 2:03 PM, Thomas Ga

Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section

2017-03-09 Thread Thomas Garnier
On Thu, Mar 9, 2017 at 2:13 PM, Boris Ostrovsky wrote: > >>> I don't have any experience with Xen so it would be great if virtme can >>> test it. >> >> I am pretty sure I tested this series at some point but I'll test it again. >> > > > Fails 32-bit build: > > >

Re: [Xen-devel] Mapping active GDT

2017-03-13 Thread Thomas Garnier
On Mon, Mar 13, 2017 at 6:09 AM, Boris Ostrovsky wrote: > On 03/11/2017 08:06 AM, Andrew Cooper wrote: >> On 11/03/2017 03:58, Boris Ostrovsky wrote: >>> On 03/10/2017 09:39 PM, Boris Ostrovsky wrote: I am looking into GDT remap series [0] which crashes PV guests

Re: [Xen-devel] Mapping active GDT

2017-03-13 Thread Thomas Garnier
On Mon, Mar 13, 2017 at 10:32 AM, Boris Ostrovsky wrote: > No, it will need a few small changes. I am actually finishing the test > run (in the next hour or so) and will reply on the Linux thread. > Great, thanks again! -- Thomas

Re: [Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section

2017-03-13 Thread Thomas Garnier
On Mon, Mar 13, 2017 at 11:32 AM, Boris Ostrovsky wrote: > There are a couple of problems for Xen PV guests that need to be addressed: > 1. Xen's set_fixmap op needs non-default handling for > FIX_GDT_REMAP_BEGIN range > 2. GDT remapping for PV guests needs to be RO

[Xen-devel] [PATCH v7 2/3] x86: Remap GDT tables in the Fixmap section

2017-03-14 Thread Thomas Garnier
com> for testing and recommending changes for Xen support. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170308 --- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/include/asm/desc.h | 58 --- arch/x86/include/

[Xen-devel] [PATCH v7 3/3] x86: Make the GDT remapping read-only on 64-bit

2017-03-14 Thread Thomas Garnier
the original GDT. Instead of reloading the previous GDT, VMX will reload the fixmap GDT as expected. For testing, VMs were started and restored on multiple configurations. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170308 --- arch/x86/include/asm/desc.h

[Xen-devel] [PATCH v7 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-03-14 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170308 --- Documentation/x86/x86_64/mm.txt | 5 - arch/x86/include/asm/pgtable_64_types.h | 3 ++- arch/x86/kernel/mo

[Xen-devel] [PATCH v5 3/3] x86: Make the GDT remapping read-only on 64-bit

2017-03-06 Thread Thomas Garnier
the original GDT. Instead of reloading the previous GDT, VMX will reload the fixmap GDT as expected. For testing, VMs were started and restored on multiple configurations. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170306 --- arch/x86/include/asm/desc.h

[Xen-devel] [PATCH v5 2/3] x86: Remap GDT tables in the Fixmap section

2017-03-06 Thread Thomas Garnier
. For hibernation, the main processor returns with the original GDT and switches back to the remapping at completion. This patch was tested on both architectures. Hibernation and KVM were both tested specially for their usage of the GDT. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [PATCH v5 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size

2017-03-06 Thread Thomas Garnier
address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier <thgar...@google.com> --- Based on next-20170306 --- Documentation/x86/x86_64/mm.txt | 5 - arch/x86/include/asm/pgtable_64_types.h | 3 ++- arch/x86/kernel/mo

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-15 Thread Thomas Garnier
On Tue, Aug 15, 2017 at 12:56 AM, Ingo Molnar <mi...@kernel.org> wrote: > > * Thomas Garnier <thgar...@google.com> wrote: > >> > Do these changes get us closer to being able to build the kernel as truly >> > position independent, i.e. to place it anywhere

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-15 Thread Thomas Garnier
On Tue, Aug 15, 2017 at 7:47 AM, Daniel Micay <danielmi...@gmail.com> wrote: > On 15 August 2017 at 10:20, Thomas Garnier <thgar...@google.com> wrote: >> On Tue, Aug 15, 2017 at 12:56 AM, Ingo Molnar <mi...@kernel.org> wrote: >>> >>> * Thomas Garni

[Xen-devel] [RFC v2 07/23] x86: relocate_kernel - Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC v2 12/23] x86/boot/64: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
as expected. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/kernel/head_64.S | 31 +++ 1 file changed, 23 insertions

[Xen-devel] [RFC v2 04/23] x86: Add macro to get symbol address for PIE support

2017-08-10 Thread Thomas Garnier
Add a new _ASM_GET_PTR macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/asm.h | 13 + 1 file changed, 13 ins

[Xen-devel] [RFC v2 23/23] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2017-08-10 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile

[Xen-devel] [RFC v2 15/23] x86/boot/64: Use _text in a global for PIE support

2017-08-10 Thread Thomas Garnier
memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/kernel/head64.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 925b2928f377..e71f27a20576 100644 --- a/arch/x86/kernel/he

[Xen-devel] [RFC v2 18/23] x86/relocs: Handle DYN relocations for PIE support

2017-08-10 Thread Thomas Garnier
Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/tools/relocs.c | 74 +++-- 1 file changed, 65 insertions(+), 9 deletions(-)

[Xen-devel] [RFC v2 20/23] x86/pie: Add option to build the kernel as PIE for x86_64

2017-08-10 Thread Thomas Garnier
) .text sections: - PIE disabled: 9373572 bytes (+0.04% from baseline) - PIE enabled: 9499138 bytes (+1.38% from baseline) The big decrease in vmlinux file size is due to the lower number of relocations appended to the file. Signed-off-by: Thomas Garnier <thgar...@google.com> --- ar

[Xen-devel] [RFC v2 14/23] x86/paravirt: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
if PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas

[Xen-devel] [RFC v2 01/23] x86/crypto: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC v2 13/23] x86/power/64: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC v2 08/23] x86/entry/64: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC v2 16/23] x86/percpu: Adapt percpu for PIE support

2017-08-10 Thread Thomas Garnier
Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/entry/entry_64.S | 4 ++-- arch/x86/include/asm/percpu.h | 25 +++-- arch/x86/kernel/cpu/common.c

[Xen-devel] [RFC v2 22/23] x86/module: Add support for mcmodel large and PLTs

2017-08-10 Thread Thomas Garnier
still expect kernel functions to be within 2G and generate relative calls. To solve this issue, the PLT arm64 code was adapted for x86_64. When a relative relocation goes outside its range, a dynamic PLT entry is used to correctly jump to the destination. Signed-off-by: Thomas Garnier <th

[Xen-devel] [RFC v2 11/23] x86/acpi: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC v2 17/23] compiler: Option to default to hidden symbols

2017-08-10 Thread Thomas Garnier
Provide an option to default visibility to hidden except for key symbols. This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/boot/boot.h | 2 +- ar

[Xen-devel] [RFC v2 21/23] x86/relocs: Add option to generate 64-bit relocations

2017-08-10 Thread Thomas Garnier
the top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/tools/relocs.c| 60 +- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 +++ 3 files changed, 60 inse

[Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-10 Thread Thomas Garnier
Changes: - v2: - Add support for global stack cookie while compiler defaults to fs without mcmodel=kernel - Change patch 7 to correctly jump out of the identity mapping on kexec load preserve. These patches make the changes necessary to build the kernel as Position Independent

[Xen-devel] [RFC v2 06/23] kvm: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/kvm_host.h | 6 -- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff

[Xen-devel] [RFC v2 05/23] xen: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/xen/xen-asm.h | 3 ++- arch/x86/xen/xen-head.S | 9 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/xen/xen-asm.h b/arch/x86/xen/xen-asm.h index 465276

[Xen-devel] [RFC v2 03/23] x86: Use symbol name in jump table for PIE support

2017-08-10 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[Xen-devel] [RFC v2 19/23] x86: Support global stack cookie

2017-08-10 Thread Thomas Garnier
. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/Kconfig | 4 arch/x86/Makefile | 9 + arch/x86/entry/entry_32.S | 3 ++- arch/x86/entry/entry_64.S | 3 ++- arch/x86/include/asm/proce

[Xen-devel] [RFC v2 09/23] x86: pm-trace - Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
Change assembly to use the new _ASM_GET_PTR macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.

[Xen-devel] [RFC v2 02/23] x86: Use symbol name on bug table for PIE support

2017-08-10 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[Xen-devel] [RFC v2 10/23] x86/CPU: Adapt assembly for PIE support

2017-08-10 Thread Thomas Garnier
randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/processor.h | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index c13527

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-11 Thread Thomas Garnier
On Fri, Aug 11, 2017 at 5:41 AM, Ingo Molnar <mi...@kernel.org> wrote: > > * Thomas Garnier <thgar...@google.com> wrote: > >> Changes: >> - v2: >>- Add support for global stack cookie while compiler defaults to fs without >> mcmodel=kernel

Re: [Xen-devel] [RFC v2 13/23] x86/power/64: Adapt assembly for PIE support

2017-08-11 Thread Thomas Garnier
On Fri, Aug 11, 2017 at 5:36 AM, Pavel Machek <pa...@ucw.cz> wrote: > On Thu 2017-08-10 10:26:05, Thomas Garnier wrote: >> Change the assembly code to use only relative references of symbols for the >> kernel to be PIE compatible. >> >> Position Independent Ex

Re: [Xen-devel] [RFC 16/22] x86/percpu: Adapt percpu for PIE support

2017-07-20 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 4:33 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 07/19/17 11:26, Thomas Garnier wrote: >> On Tue, Jul 18, 2017 at 8:08 PM, Brian Gerst <brge...@gmail.com> wrote: >>> On Tue, Jul 18, 2017 at 6:33 PM, Thomas Garnier <thgar...@google.com>

[Xen-devel] [RFC 08/22] x86/entry/64: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC 03/22] x86: Use symbol name in jump table for PIE support

2017-07-18 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[Xen-devel] [RFC 12/22] x86/boot/64: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
as expected. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/kernel/head_64.S | 32 1 file changed, 24 insertions

[Xen-devel] [RFC 09/22] x86: pm-trace - Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change assembly to use the new _ASM_GET_PTR macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.

[Xen-devel] [RFC 01/22] x86/crypto: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-07-18 Thread Thomas Garnier
These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. It optionally allows extending the KASLR randomization range from 1G to 3G. Thanks a lot to Ard Biesheuvel

[Xen-devel] [RFC 14/22] x86/paravirt: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
if PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas

[Xen-devel] [RFC 13/22] x86/power/64: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC 19/22] x86/pie: Add option to build the kernel as PIE for x86_64

2017-07-18 Thread Thomas Garnier
) .text sections: - PIE disabled: 9373572 bytes (+0.04% from baseline) - PIE enabled: 9499138 bytes (+1.38% from baseline) The big decrease in vmlinux file size is due to the lower number of relocations appended to the file. Signed-off-by: Thomas Garnier <thgar...@google.com> --- ar

[Xen-devel] [RFC 18/22] x86/relocs: Handle DYN relocations for PIE support

2017-07-18 Thread Thomas Garnier
Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/tools/relocs.c | 74 +++-- 1 file changed, 65 insertions(+), 9 deletions(-)

[Xen-devel] [RFC 20/22] x86/relocs: Add option to generate 64-bit relocations

2017-07-18 Thread Thomas Garnier
the top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/tools/relocs.c| 60 +- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 +++ 3 files changed, 60 inse

[Xen-devel] [RFC 21/22] x86/module: Add support for mcmodel large and PLTs

2017-07-18 Thread Thomas Garnier
still expect kernel functions to be within 2G and generate relative calls. To solve this issue, the PLT arm64 code was adapted for x86_64. When a relative relocation goes outside its range, a dynamic PLT entry is used to correctly jump to the destination. Signed-off-by: Thomas Garnier <th

[Xen-devel] [RFC 04/22] x86: Add macro to get symbol address for PIE support

2017-07-18 Thread Thomas Garnier
Add a new _ASM_GET_PTR macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/asm.h | 13 + 1 file changed, 13 ins

[Xen-devel] [RFC 05/22] xen: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/xen/xen-asm.h | 3 ++- arch/x86/xen/xen-head.S | 9 + 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/xen/xen-asm.h b/arch/x86/xen/xen-asm.h index 465276

[Xen-devel] [RFC 11/22] x86/acpi: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC 06/22] kvm: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/kvm_host.h | 6 -- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff

[Xen-devel] [RFC 22/22] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2017-07-18 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile

[Xen-devel] [RFC 16/22] x86/percpu: Adapt percpu for PIE support

2017-07-18 Thread Thomas Garnier
Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/entry/entry_64.S | 4 ++-- arch/x86/include/asm/percpu.h | 25 +++-- arch/x86/kernel/cpu/common.c

[Xen-devel] [RFC 17/22] compiler: Option to default to hidden symbols

2017-07-18 Thread Thomas Garnier
Provide an option to default visibility to hidden except for key symbols. This option is disabled by default and will be used by x86_64 PIE support to remove errors between compilation units. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/boot/boot.h | 2 +- ar

[Xen-devel] [RFC 07/22] x86: relocate_kernel - Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> ---

[Xen-devel] [RFC 02/22] x86: Use symbol name on bug table for PIE support

2017-07-18 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier

[Xen-devel] [RFC 15/22] x86/boot/64: Use _text in a global for PIE support

2017-07-18 Thread Thomas Garnier
memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/kernel/head64.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 46c3c73e7f43..4103e90ff128 100644 --- a/arch/x86/kernel/he

[Xen-devel] [RFC 10/22] x86/CPU: Adapt assembly for PIE support

2017-07-18 Thread Thomas Garnier
randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgar...@google.com> --- arch/x86/include/asm/processor.h | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 028245

Re: [Xen-devel] [RFC 21/22] x86/module: Add support for mcmodel large and PLTs

2017-07-19 Thread Thomas Garnier
On Tue, Jul 18, 2017 at 8:59 PM, Brian Gerst <brge...@gmail.com> wrote: > On Tue, Jul 18, 2017 at 9:35 PM, H. Peter Anvin <h...@zytor.com> wrote: >> On 07/18/17 15:33, Thomas Garnier wrote: >>> With PIE support and KASLR extended range, the modules may be further

Re: [Xen-devel] [RFC 16/22] x86/percpu: Adapt percpu for PIE support

2017-07-19 Thread Thomas Garnier
On Tue, Jul 18, 2017 at 8:08 PM, Brian Gerst <brge...@gmail.com> wrote: > On Tue, Jul 18, 2017 at 6:33 PM, Thomas Garnier <thgar...@google.com> wrote: >> Percpu uses a clever design where the .percu ELF section has a virtual >> address of zero and the relocation cod

Re: [Xen-devel] [RFC 06/22] kvm: Adapt assembly for PIE support

2017-07-19 Thread Thomas Garnier
On Tue, Jul 18, 2017 at 7:49 PM, Brian Gerst <brge...@gmail.com> wrote: > On Tue, Jul 18, 2017 at 6:33 PM, Thomas Garnier <thgar...@google.com> wrote: >> Change the assembly code to use only relative references of symbols for the >> kernel to be PIE compatible. The

Re: [Xen-devel] [RFC 21/22] x86/module: Add support for mcmodel large and PLTs

2017-07-24 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 10:34 AM, Brian Gerst <brge...@gmail.com> wrote: > On Wed, Jul 19, 2017 at 11:58 AM, Thomas Garnier <thgar...@google.com> wrote: >> On Tue, Jul 18, 2017 at 8:59 PM, Brian Gerst <brge...@gmail.com> wrote: >>> On Tue, Jul 18, 2017 at 9:3

Re: [Xen-devel] [RFC 06/22] kvm: Adapt assembly for PIE support

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 3:27 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 07/19/17 08:40, Thomas Garnier wrote: >>> >>> This doesn't look right. It's accessing a per-cpu variable. The >>> per-cpu section is an absolute, zero-based section and not subje

Re: [Xen-devel] [RFC 20/22] x86/relocs: Add option to generate 64-bit relocations

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 3:33 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 07/18/17 15:33, Thomas Garnier wrote: >> The x86 relocation tool generates a list of 32-bit signed integers. There >> was no need to use 64-bit integers because all addresses were above the 2G

Re: [Xen-devel] [RFC 07/22] x86: relocate_kernel - Adapt assembly for PIE support

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 3:58 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 07/18/17 15:33, Thomas Garnier wrote: >> Change the assembly code to use only relative references of symbols for the >> kernel to be PIE compatible. >> >> Position Independent Ex

Re: [Xen-devel] [RFC 20/22] x86/relocs: Add option to generate 64-bit relocations

2017-07-19 Thread Thomas Garnier
On Wed, Jul 19, 2017 at 4:08 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 07/19/17 15:47, Thomas Garnier wrote: >> On Wed, Jul 19, 2017 at 3:33 PM, H. Peter Anvin <h...@zytor.com> wrote: >>> On 07/18/17 15:33, Thomas Garnier wrote: >>>> The x86 relocat

Re: [Xen-devel] [RFC 16/22] x86/percpu: Adapt percpu for PIE support

2017-08-02 Thread Thomas Garnier
On Thu, Jul 20, 2017 at 7:26 AM, Thomas Garnier <thgar...@google.com> wrote: > On Wed, Jul 19, 2017 at 4:33 PM, H. Peter Anvin <h...@zytor.com> wrote: >> On 07/19/17 11:26, Thomas Garnier wrote: >>> On Tue, Jul 18, 2017 at 8:08 PM, Brian Gerst <brge...@gmail.com>

Re: [Xen-devel] [RFC 16/22] x86/percpu: Adapt percpu for PIE support

2017-08-02 Thread Thomas Garnier
On Wed, Aug 2, 2017 at 9:56 AM, Kees Cook <keesc...@chromium.org> wrote: > On Wed, Aug 2, 2017 at 9:42 AM, Thomas Garnier <thgar...@google.com> wrote: >> I noticed that not only we have the problem of gs:0x40 not being >> accessible. The compiler will default to th

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-16 Thread Thomas Garnier
On Wed, Aug 16, 2017 at 8:12 AM, Ingo Molnar <mi...@kernel.org> wrote: > > > * Thomas Garnier <thgar...@google.com> wrote: > > > On Tue, Aug 15, 2017 at 12:56 AM, Ingo Molnar <mi...@kernel.org> wrote: > > > > > > * Thomas Garnier <thgar...@

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-08-17 Thread Thomas Garnier
On Thu, Aug 17, 2017 at 1:09 AM, Ingo Molnar <mi...@kernel.org> wrote: > > > * Thomas Garnier <thgar...@google.com> wrote: > > > > > -model=small/medium assume you are on the low 32-bit. It generates > > > > instructions where the virtual ad

Re: [Xen-devel] x86: PIE support and option to extend KASLR randomization

2017-09-21 Thread Thomas Garnier
> > window, but in reality I've been procrastinating this is due to the > > permanent, > > non-trivial impact PIE has on generated C code. ) > > > > * Thomas Garnier <thgar...@google.com> wrote: > > > >> 1) PIE sometimes needs two instructions to represent a
