Re: [RFC PATCH] x86/boot/compressed: Disable physical KASLR when memmap= appears
From: Ard Biesheuvel
Date: Tue Nov 11 2025 - 11:53:11 EST
On Fri, 7 Nov 2025 at 21:50, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> On Thu, Nov 06, 2025 at 06:30:20PM +0100, Ard Biesheuvel wrote:
> > Reported-by: Michal Clapinski <mclapinski@xxxxxxxxxx>
> > Reported-by: Chris Li <chrisl@xxxxxxxxxx>
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > ---
> > arch/x86/boot/compressed/kaslr.c | 100 ++-----------------------------
> > 1 file changed, 6 insertions(+), 94 deletions(-)
>
> I love diffstats like that.
>
> How about this simplification on top of yours:
>
Yes, better, although we should still clarify that only physical
randomization is affected.
> ---
>
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 96805d6c10a4..7875ae2d514e 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -67,8 +67,6 @@ static unsigned long get_boot_seed(void)
> #define KASLR_COMPRESSED_BOOT
> #include "../../lib/kaslr.c"
>
> -static bool memmap_found;
> -
> /*
> * Store memory limit: MAXMEM on 64-bit and KERNEL_IMAGE_SIZE on 32-bit.
> * It may be reduced by "mem=nn[KMG]" command line options.
> @@ -165,9 +163,7 @@ static void handle_mem_options(void)
> if (!val && strcmp(param, "--") == 0)
> break;
>
> - if (!strcmp(param, "memmap")) {
> - memmap_found = true;
> - } else if (IS_ENABLED(CONFIG_X86_64) && strstr(param, "hugepages")) {
> + if (IS_ENABLED(CONFIG_X86_64) && strstr(param, "hugepages")) {
> parse_gb_huge_pages(param, val);
> } else if (!strcmp(param, "mem")) {
> char *p = val;
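Review bot: The removed `!strcmp(param, "memmap")` branch in handle_mem_options() compared the already-parsed parameter name, so it caught the `memmap=<value>` form, and it sat below the `"--"` check, so nothing after `--` was considered. The replacement added further down, `cmdline_find_option_bool("memmap")`, goes by its name a boolean-option lookup over the whole command line. Please confirm it still matches `memmap=...` and does not trigger on text after `--`; otherwise keep the detection in this loop.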
> @@ -724,12 +720,6 @@ static unsigned long find_random_phys_addr(unsigned long minimum,
> if (minimum + image_size > mem_limit)
> return 0;
>
> - /* Check if memmap= appears on the command line */
> - if (memmap_found) {
> - debug_putstr("memmap= found on the command line, disabling physical KASLR\n");
> - return 0;
> - }
> -
> /*
> * During kexec handover only process KHO scratch areas that are known
> * not to contain any data that must be preserved.
> @@ -783,6 +773,11 @@ void choose_random_location(unsigned long input,
> return;
> }
>
> + if (cmdline_find_option_bool("memmap")) {
> + warn("KASLR disabled: 'memmap' on cmdline.");
> + return;
> + }
> +
> boot_params_ptr->hdr.loadflags |= KASLR_FLAG;
>
> if (IS_ENABLED(CONFIG_X86_32))
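Review bot: The early `return` added ahead of `boot_params_ptr->hdr.loadflags |= KASLR_FLAG;` skips setting KASLR_FLAG and everything after it in choose_random_location(), and the warning reads "KASLR disabled", whereas the check removed from find_random_phys_addr() only returned 0 for the physical address and logged "disabling physical KASLR". If only physical randomization is meant to be affected, as the subject line says, place the check so the rest of the function still runs, and word the warning as "physical KASLR disabled".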
>
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette