lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAAi7L5fBgwUTi7J1r2WSQbQRC_kkGaTxPNBGoYPXyt4d-8srtA@mail.gmail.com>
Date: Thu, 23 Oct 2025 16:33:49 -0700
From: Michał Cłapiński <mclapinski@...gle.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, Chris Li <chrisl@...nel.org>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, Dan Williams <dan.j.williams@...el.com>, 
	Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/1] x86/boot/compressed: Fix avoiding memmap in
 physical KASLR

On Thu, Oct 23, 2025 at 1:25 AM Ard Biesheuvel <ardb@...nel.org> wrote:
>
> Hi Michal,
>
> Thanks for the patch.
>
> On Thu, 23 Oct 2025 at 01:37, Michal Clapinski <mclapinski@...gle.com> wrote:
> >
> > The intent of the code was to cancel KASLR if there are more than 4
> > memmap args. Unfortunately, it was only doing that if the memmap args
> > were comma delimited, not if they were entirely separate.
> > So it would disable physical KASLR for:
> > memmap=1G!4G,1G!5G,1G!6G,1G!7G,1G!8G
> > since the whole function is just called once and we hit the `if` at
> > the end of the function.
> >
> > But it would not disable physical KASLR for:
> > memmap=1G!4G memmap=1G!5G memmap=1G!6G memmap=1G!7G memmap=1G!8G
> > since the whole function would be called 5 times and the last `if`
> > would never trigger.
> >
> > For the second input, the code would avoid the first 4 memmap regions
> > but not the last one (it could put the kernel there).
> >
> > The new code disables physical KASLR for both of those inputs.
> >
>
> Should we just disable physical KASLR if memmap= appears at all?

It would indeed fix my issue. I don't know how much security physical
KASLR provides but I'm not sure disabling security features instead of
fixing them is a good pattern.

I would actually prefer to significantly increase the
MAX_MEMMAP_REGIONS to something like 2 * MAX_NUMNODES but I'm not sure
if creating such a big static array is okay.

> > Signed-off-by: Michal Clapinski <mclapinski@...gle.com>
> > Suggested-by: Chris Li <chrisl@...nel.org>
> > Fixes: d52e7d5a952c ("x86/KASLR: Parse all 'memmap=' boot option entries")
> > ---
> > The patch was suggested by Chris and I modified it a little without his
> > knowledge. I don't know which tags are appropriate.
>
> I think this is fine, unless Chris has a different opinion? In any
> case, you might add a link to the original submission.

Will do in v2 if otherwise people are okay with this patch.

[snip]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ