On Fri, Aug 11, 2017 at 5:41 AM, Ingo Molnar <mi...@kernel.org> wrote:
>
> * Thomas Garnier <thgar...@google.com> wrote:
>
>> Changes:
>>  - v2:
>>    - Add support for global stack cookie while compiler default to fs without
>>      mcmodel=kernel
>>    - Change patch 7 to correctly jump out of the identity mapping on kexec load
>>      preserve.
>>
>> These patches make the changes necessary to build the kernel as Position
>> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
>> the top 2G of the virtual address space. It allows to optionally extend the
>> KASLR randomization range from 1G to 3G.
>
> So this:
>
>  61 files changed, 923 insertions(+), 299 deletions(-)
>
> ... is IMHO an _awful_ lot of churn and extra complexity in pretty fragile pieces
> of code, to gain what appears to be only ~1.5 more bits of randomization!

The range increase is a way to use PIE right away.

>
> Do these changes get us closer to being able to build the kernel as truly position
> independent, i.e. to place it anywhere in the valid x86-64 address space? Or any
> other advantages?

Yes, PIE allows us to put the kernel anywhere in memory. It will allow us to
have a full randomized address space where position and order of sections are
completely random. There is still some work to get there but being able to build
a PIE kernel is a significant step.

>
> Thanks,
>
>       Ingo

--
Thomas