New Patches Aim To Tackle Linux x86_64 PIE Support

Written by Michael Larabel in Linux Kernel on 7 May 2023 at 06:27 AM EDT. 5 Comments
LINUX KERNEL
Going back years there has been patches for allowing the Linux x86_64 kernel to build as Position Independent Executable (PIE) code to further enhance the system security. Antgroup engineers most recently have been tackling the Linux x86_64 PIE support and last week sent out a new patch series.

Based on the Linux PIE patches from a few years ago, Hou Wenlong with the Antgroup sent out updated patches for allowing Linux x86_64 PIE builds:
"These patches make the changes necessary to build the kernel as Position Independent Executable (PIE) on x86_64. A PIE kernel can be relocated below the top 2G of the virtual address space. And this patchset provides an example to allow kernel image to be relocated in top 512G of the address space.

The ultimate purpose for PIE kernel is to increase the security of the the kernel and also the [flexibility] of the kernel image's virtual address, which can be even in the low half of the address space. More locations the kernel can fit in, this means an attacker could guess harder.

The patchset is based on Thomas Garnier's X86 PIE patchset v6 and v11. However, some design changes are made and some bugs are fixed by testing with different configurations and compilers."

While making the Linux kernel a Position Independent Executable enhances system security, the downside is the possibility of a larger kernel image and slightly higher instruction count that could impact performance.

Those interested in learning more about this fresh take on Linux x86_64 PIE support can see this patch series currently carrying a "request for comments" tag.
5 Comments
Related News
New Linux Patch Establishes "CONFIG_X86_64_NATIVE" For -march=native Kernel Builds
Perf Support For 2,048 CPU Cores Is Becoming Not Enough - Patches Bump Kernel Limit
Linux 6.13-rc2 Released With An Initial Batch Of Fixes
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Linux 6.13-rc2 To Workaround Buggy Intel Lunar Lake Leading To Responsiveness Issues
More Kernel Bitrot: Old & Busted UltraSPARC T2 "Niagara 2" SPU Driver Slated For Removal
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features