| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMj1kXFc5fcXM1UCtgev+7LFyc+vuTD-M0ma31fNasOGmpQqUQ@mail.gmail.com>
Date: Thu, 6 Nov 2025 17:32:54 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: Michal Clapinski <mclapinski@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, Chris Li <chrisl@...nel.org>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Dan Williams <dan.j.williams@...el.com>,
Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/1] x86/boot/compressed: Fix avoiding memmap in
physical KASLR
On Thu, 6 Nov 2025 at 17:23, Michal Clapinski <mclapinski@...gle.com> wrote:
>
> The intent of the code was to cancel KASLR if there are more than 4
> memmap args. Unfortunately, it was only doing that if the memmap args
> were comma delimited, not if they were entirely separate.
>
> So it would disable physical KASLR for:
> memmap=1G!4G,1G!5G,1G!6G,1G!7G,1G!8G
> since the whole function is just called once and we hit the `if` at
> the end of the function.
>
> But it would not disable physical KASLR for:
> memmap=1G!4G memmap=1G!5G memmap=1G!6G memmap=1G!7G memmap=1G!8G
> The whole function would be called 5 times in total. On the 4th run the
> last `if` would not trigger since `str` would be null. On the 5th run
> we would exit early via the first `if`. That way the last `if` would
> never trigger.
>
> For the second input, the code would avoid the first 4 memmap regions
> but not the last one (it could put the kernel there).
>
> The new code disables physical KASLR for both of those inputs.
>
> Signed-off-by: Michal Clapinski <mclapinski@...gle.com>
> Suggested-by: Chris Li <chrisl@...nel.org>
> Link: https://lore.kernel.org/all/CAF8kJuMvX31n8yNWn11bo1wCgXXOwOAp8HbYpSEBy94LR6phDA@mail.gmail.com/
> Fixes: d52e7d5a952c ("x86/KASLR: Parse all 'memmap=' boot option entries")
> ---
> v3: added a link in the description and a better explanation
> v2: used Chris Li's snippet to change the flow of the function
> ---
> arch/x86/boot/compressed/kaslr.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
This looks fine to me, but as I noted before, I'd happily simply
disable physical KASLR entirely if 'memmap=' appears at all.
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 3b0948ad449f..649264503ce6 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -162,14 +162,18 @@ static void mem_avoid_memmap(char *str)
> {
> static int i;
>
> - if (i >= MAX_MEMMAP_REGIONS)
> - return;
> -
> - while (str && (i < MAX_MEMMAP_REGIONS)) {
> + while (str) {
> int rc;
> u64 start, size;
> - char *k = strchr(str, ',');
> + char *k;
> +
> + if (i >= MAX_MEMMAP_REGIONS) {
> + /* Too many memmap regions, disable physical KASLR. */
> + memmap_too_large = true;
> + return;
> + }
>
> + k = strchr(str, ',');
> if (k)
> *k++ = 0;
>
> @@ -190,10 +194,6 @@ static void mem_avoid_memmap(char *str)
> mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
> i++;
> }
> -
> - /* More than 4 memmaps, fail kaslr */
> - if ((i >= MAX_MEMMAP_REGIONS) && str)
> - memmap_too_large = true;
> }
>
> /* Store the number of 1GB huge pages which users specified: */
> --
> 2.51.2.1026.g39e6a42477-goog
>
Powered by blists - more mailing lists