On Fri, Feb 7, 2014 at 11:07 AM, H. Peter Anvin <hpa at linux.intel.com> wrote: > On 02/07/2014 06:49 AM, Vivek Goyal wrote: >> >> As a workaround, Dave is currently using "nokaslr" command line parameter >> for second kernel. He is still facing issues where makedumpfile segment >> faults. He is looking into it further. >> > > Now, let's state this: kaslr for kdump is almost certainly useless (the > amount of reserved memory is not enough to provide any meaningful > randomization, so any randomization needs to happen during the memory > reservation phase.) So disabling kaslr in the kdump kernel is entirely > appropriate. Peter covered everything already, but yeah, kaslr and kdump may not make a lot of sense together, but regardless, yes, it only examines e820 for memory space. It has to do all this work before the kernel decompresses, so it's very early. -Kees -- Kees Cook Chrome OS Security
