On Mon, Aug 21, 2017 at 7:31 AM, Peter Zijlstra <pet...@infradead.org> wrote:
> On Tue, Aug 15, 2017 at 07:20:38AM -0700, Thomas Garnier wrote:
>> On Tue, Aug 15, 2017 at 12:56 AM, Ingo Molnar <mi...@kernel.org> wrote:
>
>> > Have you considered a kernel with -mcmodel=small (or medium) instead of -fpie
>> > -mcmodel=large? We can pick a random 2GB window in the (non-kernel) canonical
>> > x86-64 address space to randomize the location of kernel text. The location of
>> > modules can be further randomized within that 2GB window.
>>
>> -model=small/medium assume you are on the low 32-bit. It generates
>> instructions where the virtual addresses have the high 32-bit to be
>> zero.
>
> That's a compiler fail, right? Because the SDM states that for "CALL
> rel32" the 32bit displacement is sign extended on x86_64.
>
That's different than what I expected at first too. Now, I think I have an alternative to using mcmodel=large. I could use -fPIC and ensure modules are never far away from the main kernel (moving the module section start close to the random kernel end). I looked at it and that seems possible but will require more work.

I plan to start with the mcmodel=large support and add this mode in a way that could benefit classic KASLR (without -fPIC) because it randomizes where modules start based on the kernel.

-- 
Thomas

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel