[viraptor]

I think I've got a better idea now. So openbsd has ASLR which affects data, code/library, and stack positions. Then this solution works on top of it by reordering symbols within the code.

One thing I'm still not sure about is whether the kernel could theoretically do the same reordering at load time using relocatable symbols.

[wyldfire]

The assembler laid out the code within the sections and generally it's not changed after that (except for targets that do linker relaxation). However with -ffunction-sections the compiler would put each function in its own section which then can be independently relocated.

[KMag]

If each function is in its own section, then all function calls would need to be indirected through the PLT/GOT, even function calls within the same translation unit? Ouch.

[wyldfire]

No - the linker is there to resolve references among sections and can do so without PLT/GOT indirection when creating things like static archives.

There may be a code size cost in some architectures - that since the call destination can be relocated far from the call site that the assembler will need to make sure it allocates enough space to reach the call target instead of a small PCREL relocation.

[actionfromafar]

Sounds like Amiga HUNK format with the HUNK_OVERLAY hunk. For instance various functions could be loaded anywhere in memory.

[saagarjha]

The kernel needs a bit more information than that, since chunks of code can refer to each other and if you rearrange them this would break these since they're typically emitted as relative offsets.