Re: [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata

From: Hou Wenlong
Date: Wed Oct 18 2023 - 04:36:53 EST

Next message: Nikolay Borisov: "Re: [PATCH v14 07/23] x86/virt/tdx: Add skeleton to enable TDX on demand"
Previous message: Guangguan Wang: "Re: [PATCH net v2 2/2] net/smc: correct the reason code in smc_listen_find_device when fallback"
In reply to: Ingo Molnar: "Re: [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 17, 2023 at 09:02:27PM +0800, Ingo Molnar wrote:
>
> * Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx> wrote:
>
> > Hi Ingo,
> >
> > I have sent patch #6 separately for x86. Do you have any ideas about
> > building the head code as PIE? Should I resend the patchset for the PIE
> > feature?
>
> So I had a brief look, and despite reading 0/43 it was unclear to me what
> the precise advantages of building as PIE are.
>
> Ie. could you please outline:
>
> - *Exactly* how much PIE based KASLR randomization would gain us in terms
> of randomization granularity and effective number of randomization bits,
> compared to the current status quo?
>
> - How is code generation changed at the instruction level - how does
> kernel size change and what are the micro-advantages/disadvantages?
>
> - Are there any other advantages/motivation than improving KASLR?
>
> Ie. before asking us to apply ~50 patches and add a whole new build mode
> and the maintainance overhead to support it into infinity and beyond, could
> you please offer a better list of pros and cons?
>
Hi Ingo,

Thanks for your reply. I apologize for the confusion. Waht I meant to
say is that I would like to resend the remaining part of this patchset
that building the head code as PIE. As mentioned in the cover letter,
building the head code as PIE can eliminate certain workarounds such as
the "fixup_pointer" in head64.c and the inline assembly in
mem_encrypt_identity.c. This is considered a cleanup. However, it is
still necessary to use inline assembly to obtain the absolute symbol
value during the pagetable building process.

Regarding the entire PIE patchset, I agree that it is complex and there
are no obvious use cases apart from improving KASLR. As mentioned
earlier, the primary motivation is to increase the flexibility of the
kernel image address rather than prioritizing security, enabling the
kernel image to be placed at any virtual address. The use cases in our
internal environment are specific and not widespread, so we do not feel
an urgent need to push it forward at the moment.

Thanks!

> Thanks,
>
> Ingo

Next message: Nikolay Borisov: "Re: [PATCH v14 07/23] x86/virt/tdx: Add skeleton to enable TDX on demand"
Previous message: Guangguan Wang: "Re: [PATCH net v2 2/2] net/smc: correct the reason code in smc_listen_find_device when fallback"
In reply to: Ingo Molnar: "Re: [PATCH RFC 1/7] x86/head/64: Mark startup_gdt and startup_gdt_descr as __initdata"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]