On Fri, Feb 1, 2019 at 8:28 AM Thomas Garnier <thgarnie@xxxxxxxxxxxx> wrote:
> These patches make the changes necessary to build the kernel as Position
> Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below
> the top 2G of the virtual address space. It allows to optionally extend the
> KASLR randomization range from 1G to 3G. The chosen range is the one currently
> available, future changes will allow the kernel module to have a wider
> randomization range.

This also lays the groundwork for doing compilation-unit-granularity
KASLR, as Kristen has been working on. With PIE working, the
relocations are more sane and boot-time reordering becomes possible
(or at least, it becomes the same logically as doing the work on
modules, etc).

--
Kees Cook