Message ID | 20190520231948.49693-6-thgarnie@chromium.org (mailing list archive) |
Series | x86: PIE support to extend KASLR randomization | expand |
On Mon, May 20, 2019 at 04:19:30PM -0700, Thomas Garnier wrote:
> From: Thomas Garnier <thgarnie@google.com>
>
> Change the assembly code to use only relative references of symbols for the
> kernel to be PIE compatible.
>
> Position Independent Executable (PIE) support will allow to extend the
> KASLR randomization range below 0xffffffff80000000.
>
> Signed-off-by: Thomas Garnier <thgarnie@google.com>
> ---
> arch/x86/entry/entry_64.S | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
> index 20e45d9b4e15..e99b3438aa9b 100644
> --- a/arch/x86/entry/entry_64.S
> +++ b/arch/x86/entry/entry_64.S
> @@ -1268,7 +1268,8 @@ ENTRY(error_entry)
> movl %ecx, %eax /* zero extend */
> cmpq %rax, RIP+8(%rsp)
> je .Lbstep_iret
> - cmpq $.Lgs_change, RIP+8(%rsp)
> + leaq .Lgs_change(%rip), %rcx
> + cmpq %rcx, RIP+8(%rsp)
> jne .Lerror_entry_done
>
> /*
> @@ -1465,10 +1466,10 @@ ENTRY(nmi)
> * resume the outer NMI.
> */
>
> - movq $repeat_nmi, %rdx
> + leaq repeat_nmi(%rip), %rdx
> cmpq 8(%rsp), %rdx
> ja 1f
> - movq $end_repeat_nmi, %rdx
> + leaq end_repeat_nmi(%rip), %rdx
> cmpq 8(%rsp), %rdx
> ja nested_nmi_out
> 1:
> @@ -1522,7 +1523,8 @@ nested_nmi:
> pushq %rdx
> pushfq
> pushq $__KERNEL_CS
> - pushq $repeat_nmi
> + leaq repeat_nmi(%rip), %rdx
> + pushq %rdx
>
> /* Put stack back */
> addq $(6*8), %rsp
> @@ -1561,7 +1563,11 @@ first_nmi:
> addq $8, (%rsp) /* Fix up RSP */
> pushfq /* RFLAGS */
> pushq $__KERNEL_CS /* CS */
> - pushq $1f /* RIP */
> + pushq $0 /* Futur return address */

typo: Future

> + pushq %rax /* Save RAX */
> + leaq 1f(%rip), %rax /* RIP */
> + movq %rax, 8(%rsp) /* Put 1f on return address */
> + popq %rax /* Restore RAX */
> iretq /* continues at repeat_nmi below */
> UNWIND_HINT_IRET_REGS
> 1:

Other than that:

Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index 20e45d9b4e15..e99b3438aa9b 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -1268,7 +1268,8 @@ ENTRY(error_entry)
  movl %ecx, %eax /* zero extend */
  cmpq %rax, RIP+8(%rsp)
  je .Lbstep_iret
- cmpq $.Lgs_change, RIP+8(%rsp)
+ leaq .Lgs_change(%rip), %rcx
+ cmpq %rcx, RIP+8(%rsp)
  jne .Lerror_entry_done
 
  /*
@@ -1465,10 +1466,10 @@ ENTRY(nmi)
  * resume the outer NMI.
  */
 
- movq $repeat_nmi, %rdx
+ leaq repeat_nmi(%rip), %rdx
  cmpq 8(%rsp), %rdx
  ja 1f
- movq $end_repeat_nmi, %rdx
+ leaq end_repeat_nmi(%rip), %rdx
  cmpq 8(%rsp), %rdx
  ja nested_nmi_out
 1:
@@ -1522,7 +1523,8 @@ nested_nmi:
  pushq %rdx
  pushfq
  pushq $__KERNEL_CS
- pushq $repeat_nmi
+ leaq repeat_nmi(%rip), %rdx
+ pushq %rdx
 
  /* Put stack back */
  addq $(6*8), %rsp
@@ -1561,7 +1563,11 @@ first_nmi:
  addq $8, (%rsp) /* Fix up RSP */
  pushfq /* RFLAGS */
  pushq $__KERNEL_CS /* CS */
- pushq $1f /* RIP */
+ pushq $0 /* Futur return address */
+ pushq %rax /* Save RAX */
+ leaq 1f(%rip), %rax /* RIP */
+ movq %rax, 8(%rsp) /* Put 1f on return address */
+ popq %rax /* Restore RAX */
  iretq /* continues at repeat_nmi below */
  UNWIND_HINT_IRET_REGS
 1:
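Review bot: The added `leaq .Lgs_change(%rip), %rcx` in the error_entry hunk turns %rcx into a scratch register at a point where the context line `movl %ecx, %eax /* zero extend */` shows it still carried a live value two instructions earlier. That is only safe because the clobber sits after the `je .Lbstep_iret` branch, which presumably consumes the old %rcx; nothing in the hunk records that dependency, so a later reordering of these lines could break the `.Lbstep_iret` path without any assembler diagnostic. I would add `/* %rcx is free from here on; the .Lbstep_iret path above still needs the old value */` directly above the new leaq. error_entry begins before and ends after this hunk, so whether anything downstream of `.Lerror_entry_done` reads %rcx is not visible here.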
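Review bot: The five instructions that replace `pushq $1f` in the first_nmi hunk (a `pushq $0` placeholder, save %rax, `leaq`, a store into the placeholder, restore %rax) can be reduced to three that build the identical frame: `pushq %rax`, `leaq 1f(%rip), %rax`, `xchgq %rax, (%rsp)` leaves the address of `1:` in the RIP slot and the caller's %rax back in the register in a single step, so the placeholder slot and its comment disappear. xchg with a memory operand is implicitly locked, which deserves a one-line comment, but this is a once-per-outermost-NMI frame build immediately followed by `iretq`, so the cost is not a concern. first_nmi starts before this hunk and the code after `1:` lies outside it, so I could not confirm from the hunk alone that %rax must survive; the patch's own push/pop pairing already assumes it does, and the xchg form preserves that guarantee.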