New Patches Aim To Tackle Linux x86_64 PIE Support
Based on the Linux PIE patches from a few years ago, Hou Wenlong with the Antgroup sent out updated patches for allowing Linux x86_64 PIE builds:
"These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. And this patchset provides an example to allow kernel image to be relocated in top 512G of the address space.
The ultimate purpose for PIE kernel is to increase the security of the the kernel and also the [flexibility] of the kernel image's virtual address, which can be even in the low half of the address space. More locations the kernel can fit in, this means an attacker could guess harder.
The patchset is based on Thomas Garnier's X86 PIE patchset v6 and v11. However, some design changes are made and some bugs are fixed by testing with different configurations and compilers."
While making the Linux kernel a Position Independent Executable enhances system security, the downside is the possibility of a larger kernel image and slightly higher instruction count that could impact performance.
Those interested in learning more about this fresh take on Linux x86_64 PIE support can see this patch series currently carrying a "request for comments" tag.