New Patches Aim To Tackle Linux x86_64 PIE Support

Written by Michael Larabel in Linux Kernel on 7 May 2023 at 06:27 AM EDT.
For years there have been patches to allow the Linux x86_64 kernel to be built as Position Independent Executable (PIE) code to further enhance system security. Antgroup engineers have most recently been tackling Linux x86_64 PIE support and last week sent out a new patch series.

Based on the Linux PIE patches from a few years ago, Hou Wenlong of Antgroup sent out updated patches for allowing Linux x86_64 PIE builds:
"These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. And this patchset provides an example to allow kernel image to be relocated in top 512G of the address space.

The ultimate purpose for PIE kernel is to increase the security of the kernel and also the [flexibility] of the kernel image's virtual address, which can be even in the low half of the address space. More locations the kernel can fit in, this means an attacker could guess harder.

The patchset is based on Thomas Garnier's X86 PIE patchset v6 and v11. However, some design changes are made and some bugs are fixed by testing with different configurations and compilers."

While making the Linux kernel a Position Independent Executable enhances system security, the downside is the possibility of a larger kernel image and slightly higher instruction count that could impact performance.

Those interested in learning more about this fresh take on Linux x86_64 PIE support can see this patch series currently carrying a "request for comments" tag.