On Tue, Aug 6, 2019 at 8:51 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > On Tue, Aug 06, 2019 at 05:43:47PM +0200, Borislav Petkov wrote: > > On Tue, Jul 30, 2019 at 12:12:44PM -0700, Thomas Garnier wrote: > > > These patches make some of the changes necessary to build the kernel as > > > Position Independent Executable (PIE) on x86_64. Another patchset will > > > add the PIE option and larger architecture changes. > > > > Yeah, about this: do we have a longer writeup about the actual benefits > > of all this and why we should take this all? After all, after looking > > at the first couple of asm patches, it is posing restrictions to how > > we deal with virtual addresses in asm (only RIP-relative addressing in > > 64-bit mode, MOVs with 64-bit immediates, etc, for example) and I'm > > willing to bet money that some future unrelated change will break PIE > > sooner or later. The goal is being able to extend the range of addresses where the kernel can be placed with KASLR. I will look at clarifying that in the future. > > Possibly objtool can help here; it should be possible to teach it about > these rules, and then it will yell when violated. That should avoid > regressions. > I will look into that as well.