| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXFqwOYBNPzNYo2vjPycjyO5SrEnk_wRVDw_dhGd8qT2qQ@mail.gmail.com>
Date: Thu, 23 Oct 2025 10:24:54 +0200
From: Ard Biesheuvel <ardb@...nel.org>
To: Michal Clapinski <mclapinski@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, Chris Li <chrisl@...nel.org>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Dan Williams <dan.j.williams@...el.com>,
Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/1] x86/boot/compressed: Fix avoiding memmap in
physical KASLR
Hi Michal,
Thanks for the patch.
On Thu, 23 Oct 2025 at 01:37, Michal Clapinski <mclapinski@...gle.com> wrote:
>
> The intent of the code was to cancel KASLR if there are more than 4
> memmap args. Unfortunately, it was only doing that if the memmap args
> were comma delimited, not if they were entirely separate.
> So it would disable physical KASLR for:
> memmap=1G!4G,1G!5G,1G!6G,1G!7G,1G!8G
> since the whole function is just called once and we hit the `if` at
> the end of the function.
>
> But it would not disable physical KASLR for:
> memmap=1G!4G memmap=1G!5G memmap=1G!6G memmap=1G!7G memmap=1G!8G
> since the whole function would be called 5 times and the last `if`
> would never trigger.
>
> For the second input, the code would avoid the first 4 memmap regions
> but not the last one (it could put the kernel there).
>
> The new code disables physical KASLR for both of those inputs.
>
Should we just disable physical KASLR if memmap= appears at all?
> Signed-off-by: Michal Clapinski <mclapinski@...gle.com>
> Suggested-by: Chris Li <chrisl@...nel.org>
> Fixes: d52e7d5a952c ("x86/KASLR: Parse all 'memmap=' boot option entries")
> ---
> The patch was suggested by Chris and I modified it a little without his
> knowledge. I don't know which tags are appropriate.
I think this is fine, unless Chris has a different opinion? In any
case, you might add a link to the original submission.
> ---
> arch/x86/boot/compressed/kaslr.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 3b0948ad449f..649264503ce6 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -162,14 +162,18 @@ static void mem_avoid_memmap(char *str)
> {
> static int i;
>
> - if (i >= MAX_MEMMAP_REGIONS)
> - return;
> -
> - while (str && (i < MAX_MEMMAP_REGIONS)) {
> + while (str) {
> int rc;
> u64 start, size;
> - char *k = strchr(str, ',');
> + char *k;
> +
> + if (i >= MAX_MEMMAP_REGIONS) {
> + /* Too many memmap regions, disable physical KASLR. */
> + memmap_too_large = true;
> + return;
> + }
>
> + k = strchr(str, ',');
> if (k)
> *k++ = 0;
>
> @@ -190,10 +194,6 @@ static void mem_avoid_memmap(char *str)
> mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
> i++;
> }
> -
> - /* More than 4 memmaps, fail kaslr */
> - if ((i >= MAX_MEMMAP_REGIONS) && str)
> - memmap_too_large = true;
> }
>
> /* Store the number of 1GB huge pages which users specified: */
> --
> 2.51.1.814.gb8fa24458f-goog
>
Powered by blists - more mailing lists