On Sat, Dec 31, 2022 at 07:21:06PM -0800, H. Peter Anvin wrote:
> As far as the decompression itself goes, it should only be a problem if we are
> using physical KASLR since otherwise the kernel has a guaranteed safe zone
> already allocated by the boot loader. However, if physical KASLR is in use,

No KASLR in Jason's config AFAICT:

$ grep RANDOMIZE .config
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y
CONFIG_RANDOMIZE_KSTACK_OFFSET=y
# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set

> then the decompressor needs to know everything there is to know about the
> memory map.

Yeah, we do have that but as you folks establish later in the thread, those
setup_data regions would need to be avoided too. ;-\

> However, there also seems to be some kind of interaction with AMD SEV-SNP.
>
>
> The bug appears to have been introduced by:
>
> b57feed2cc2622ae14b2fa62f19e973e5e0a60cf
> x86/compressed/64: Add identity mappings for setup_data entries
> https://lore.kernel.org/r/tycpr01mb694815cd815e98945f63c99183...@tycpr01mb6948.jpnprd01.prod.outlook.com
>
> ... which was included in version 5.19, so it is relatively recent.

Right. We need that for the CC blob:

b190a043c49a ("x86/sev: Add SEV-SNP feature detection/setup")

> For a small amount of setup_data, the solution of just putting it next to
> the command line makes a lot of sense, and should be safe indefinitely.

Ok.

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette