| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAi7L5fxqiMMGJi2xB42L+A-xVQwx=10TBG_kU15=q=i=6kcbw@mail.gmail.com>
Date: Thu, 23 Oct 2025 16:23:58 -0700
From: Michał Cłapiński <mclapinski@...gle.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, Chris Li <chrisl@...nel.org>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>, Dan Williams <dan.j.williams@...el.com>,
Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/1] x86/boot/compressed: Fix avoiding memmap in
physical KASLR
On Thu, Oct 23, 2025 at 1:29 PM Dave Hansen <dave.hansen@...el.com> wrote:
>
> On 10/22/25 16:37, Michal Clapinski wrote:
> ...
> > But it would not disable physical KASLR for:
> > memmap=1G!4G memmap=1G!5G memmap=1G!6G memmap=1G!7G memmap=1G!8G
> > since the whole function would be called 5 times and the last `if`
> > would never trigger.
>
> I'm missing something about how this works.
>
> The:
>
> static int i;
>
> is static so should be keeping state across function calls. For the
> purposes of checking 'i', why does it matter if the function is called
> one time with 5 arguments or 5 times with 1? Doesn't 'i' end up at the
> same value either way?
Sorry for not explaining it better (again).
Let's look at the original function:
static void mem_avoid_memmap(char *str)
{
static int i;
if (i >= MAX_MEMMAP_REGIONS)
return;
while (str && (i < MAX_MEMMAP_REGIONS)) {
int rc;
u64 start, size;
char *k = strchr(str, ',');
if (k)
*k++ = 0;
rc = parse_memmap(str, &start, &size);
if (rc < 0)
break;
str = k;
if (start == 0) {
/* Store the specified memory limit if size > 0 */
if (size > 0 && size < mem_limit)
mem_limit = size;
continue;
}
mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].start = start;
mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
i++;
}
/* More than 4 memmaps, fail kaslr */
if ((i >= MAX_MEMMAP_REGIONS) && str)
memmap_too_large = true;
}
If called once, the `i` gets to 4 and the while loop exits. Then the
last if executes, since `i` is equal to MAX_MEMMAP_REGIONS and `str`
is non-null (if there are more than 4 memmap regions provided). So
memmap_too_large is set and kaslr is disabled.
If called 5 times, on the 4th time `i` will indeed be also equal to 4
but the last `if` never executes since `str` is null. On the 5th time,
we exit the function via the first `if` and memmap_too_large never
gets set.
Powered by blists - more mailing lists