X86/Pie: Make Kernel Image's Virtual Address Flexible - Wenlong Hou, Ant Group
Code reuse attacks reuse existing code snippets to bypass existing memory protections. However, the X86_64 Linux kernel image is located in the top 2G of the address space, and even with KASLR, it can only be relocated within the top 2G. This makes it easy for an attacker to guess the virtual address. By building the kernel as a Position Independent Executable (PIE), it can be placed at any virtual address, thereby increasing the number of possible locations and making it harder for an attacker to guess the virtual address. This also provides flexibility to the kernel image's virtual address, allowing it to be placed in the low half of the address space. This presentation will demonstrate the implementation of the X86 kernel relocation and explain how to build the X86_64 Linux kernel as PIE and relocate it below the top 2G.