| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251022233743.1134103-1-mclapinski@google.com>
Date: Thu, 23 Oct 2025 01:37:43 +0200
From: Michal Clapinski <mclapinski@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, Chris Li <chrisl@...nel.org>, x86@...nel.org
Cc: "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Michal Clapinski <mclapinski@...gle.com>, Dan Williams <dan.j.williams@...el.com>,
Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org
Subject: [PATCH v2 1/1] x86/boot/compressed: Fix avoiding memmap in physical KASLR
The intent of the code was to cancel KASLR if there are more than 4
memmap args. Unfortunately, it was only doing that if the memmap args
were comma delimited, not if they were entirely separate.
So it would disable physical KASLR for:
memmap=1G!4G,1G!5G,1G!6G,1G!7G,1G!8G
since the whole function is just called once and we hit the `if` at
the end of the function.
But it would not disable physical KASLR for:
memmap=1G!4G memmap=1G!5G memmap=1G!6G memmap=1G!7G memmap=1G!8G
since the whole function would be called 5 times and the last `if`
would never trigger.
For the second input, the code would avoid the first 4 memmap regions
but not the last one (it could put the kernel there).
The new code disables physical KASLR for both of those inputs.
Signed-off-by: Michal Clapinski <mclapinski@...gle.com>
Suggested-by: Chris Li <chrisl@...nel.org>
Fixes: d52e7d5a952c ("x86/KASLR: Parse all 'memmap=' boot option entries")
---
The patch was suggested by Chris and I modified it a little without his
knowledge. I don't know which tags are appropriate.
---
arch/x86/boot/compressed/kaslr.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 3b0948ad449f..649264503ce6 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -162,14 +162,18 @@ static void mem_avoid_memmap(char *str)
{
static int i;
- if (i >= MAX_MEMMAP_REGIONS)
- return;
-
- while (str && (i < MAX_MEMMAP_REGIONS)) {
+ while (str) {
int rc;
u64 start, size;
- char *k = strchr(str, ',');
+ char *k;
+
+ if (i >= MAX_MEMMAP_REGIONS) {
+ /* Too many memmap regions, disable physical KASLR. */
+ memmap_too_large = true;
+ return;
+ }
+ k = strchr(str, ',');
if (k)
*k++ = 0;
@@ -190,10 +194,6 @@ static void mem_avoid_memmap(char *str)
mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
i++;
}
-
- /* More than 4 memmaps, fail kaslr */
- if ((i >= MAX_MEMMAP_REGIONS) && str)
- memmap_too_large = true;
}
/* Store the number of 1GB huge pages which users specified: */
--
2.51.1.814.gb8fa24458f-goog
Powered by blists - more mailing lists