On 9/25/24 08:01, Ard Biesheuvel wrote:
From: Ard Biesheuvel <ardb@xxxxxxxxxx>
As an intermediate step towards enabling PIE linking for the 64-bit x86
kernel, enable PIE codegen for all objects that are linked into the
kernel proper.
This substantially reduces the number of relocations that need to be
processed when booting a relocatable KASLR kernel.
This really seems like going completely backwards to me.
You are imposing a more restrictive code model on the kernel, optimizing
for boot time in a way that will exert a permanent cost on the running
kernel.
There is a *huge* difference between the kernel and user space here:
KERNEL MEMORY IS PERMANENTLY ALLOCATED, AND IS NEVER SHARED.
Dirtying user pages requires them to be unshared and dirty, which is
undesirable. Kernel pages are *always* unshared and dirty.
It also brings us much closer to the ordinary PIE relocation model used
for most of user space, which is therefore much better supported and
less likely to create problems as we increase the range of compilers and
linkers that need to be supported.
We have been resisting *for ages* making the kernel worse to accomodate
broken compilers. We don't "need" to support more compilers -- we need
the compilers to support us. We have working compilers; any new compiler
that wants to play should be expected to work correctly.
-hpa