Re: Regression in 6.1.81: Missing memory in pmem device

From: Ard Biesheuvel
Date: Thu May 16 2024 - 13:22:57 EST

Next message: Paolo Bonzini: "Re: [PATCH v15 09/20] KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT"
Previous message: Jakub Sitnicki: "Re: [PATCH bpf-next] bpf: tcp: Improve bpf write tcp opt performance"
In reply to: Chaney, Ben: "Re: Regression in 6.1.81: Missing memory in pmem device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 16 May 2024 at 16:59, Chaney, Ben <bchaney@xxxxxxxxxx> wrote:
>
> The 'nokaslr' flag does work around this issue, but using it has a few downsides.
>
> First, we would like the security benefit provided be ASLR.

We wouldn't need to disable virtual KASLR only physical KASLR.

> Also, this imposes a restriction on what memmaps are possible. It would then be required to have them offset from the beginning of the memory.
>

Relying on the KASLR code to move the kernel away from the base of RAM
is rather risky - even when KASLR is in effect, the logic will fall
back to placement at the base of memory if physical randomization is
not possible for any reason.

> I also think there are a few other features that may be impacted by this, that were not addressed by the patch. crashkernel and pstore both probably need physical kaslr disabled as well.
>

Please reply to the patch if you have any comments on it. Thanks.

Next message: Paolo Bonzini: "Re: [PATCH v15 09/20] KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT"
Previous message: Jakub Sitnicki: "Re: [PATCH bpf-next] bpf: tcp: Improve bpf write tcp opt performance"
In reply to: Chaney, Ben: "Re: Regression in 6.1.81: Missing memory in pmem device"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]