On Wed, Jan 3, 2018 at 8:35 PM, Benjamin Gilbert <benjamin.gilbert@xxxxxxxxxx> wrote:
> On Wed, Jan 03, 2018 at 04:37:53PM -0800, Andy Lutomirski wrote:
>> Maybe try rebuilding a bad kernel with free_ldt_pgtables() modified
>> to do nothing, and then read /sys/kernel/debug/page_tables/current (or
>> current_kernel, or whatever it's called). The problem may be obvious.
>
> current_kernel attached. I have not seen any crashes with
> free_ldt_pgtables() stubbed out.

I haven't reproduced it, but I think I see what's wrong. KASLR sets
vaddr_end to a totally bogus value. It should be no larger than
LDT_BASE_ADDR. I suspect that your vmemmap is getting randomized into
the LDT range. If it weren't for that, it could just as easily land in
the cpu_entry_area range.

This will need fixing in all versions that aren't still called KAISER.

Our memory map code is utter shite. This kind of bug should not be
possible without a giant warning at boot that something is screwed up.
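The failure mode described in the message above (a vaddr_end that reaches past the fixed cpu_entry_area and LDT ranges, so a randomized region such as vmemmap can be placed on top of them) and the boot-time sanity check it asks for, as an added example. This is a constructed model written for this page, not the kernel's kaslr.c: the region sizes, VADDR_START, CPU_ENTRY_AREA_BASE, LDT_BASE_ADDR, AREA_SIZE and both vaddr_end values are placeholders chosen for readable arithmetic, and the padding loop only mirrors the shape of the kernel's algorithm (slack handed out as PUD-aligned padding in front of each region). The random source is injected so the two extremes (maximum padding, no padding) can be reproduced deterministically.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code. Every constant below is a placeholder. */
#define TB(n)        ((uint64_t)(n) << 40)
#define PUD_SIZE     ((uint64_t)1 << 30)          /* 1 GB randomisation granule */
#define AREA_SIZE    ((uint64_t)1 << 39)          /* size of each fixed area (placeholder) */

#define VADDR_START          0xffff880000000000ULL /* placeholder */
#define CPU_ENTRY_AREA_BASE  0xfffffe0000000000ULL /* placeholder */
#define LDT_BASE_ADDR        0xfffffe8000000000ULL /* placeholder */
#define GOOD_VADDR_END       CPU_ENTRY_AREA_BASE   /* stops at the lowest fixed area */
#define BOGUS_VADDR_END      0xffffff0000000000ULL /* reaches past both fixed areas */

struct region     { const char *name; uint64_t size; uint64_t base; };
struct fixed_area { const char *name; uint64_t start, end; };

static const struct fixed_area fixed_areas[] = {
    { "cpu_entry_area", CPU_ENTRY_AREA_BASE, CPU_ENTRY_AREA_BASE + AREA_SIZE },
    { "LDT remap",      LDT_BASE_ADDR,       LDT_BASE_ADDR + AREA_SIZE },
};
#define N_FIXED (sizeof fixed_areas / sizeof fixed_areas[0])

typedef uint64_t (*rnd_fn)(uint64_t max);              /* value in [0, max] */
static uint64_t rnd_max(uint64_t max)  { return max; }  /* pushes regions to the top */
static uint64_t rnd_zero(uint64_t max) { (void)max; return 0; }

static bool overlaps(uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1)
{
    return a0 < b1 && b0 < a1;
}

/* Spread the slack of [vaddr_start, vaddr_end) as PUD-aligned random padding in
 * front of each region. Returns false if the regions do not fit at all. */
static bool randomize_layout(struct region *r, size_t n,
                             uint64_t vaddr_start, uint64_t vaddr_end, rnd_fn rnd)
{
    uint64_t vaddr = vaddr_start, needed = 0;
    for (size_t i = 0; i < n; i++)
        needed += r[i].size;
    if (vaddr_end <= vaddr_start || vaddr_end - vaddr_start < needed)
        return false;
    uint64_t remain = vaddr_end - vaddr_start - needed;
    for (size_t i = 0; i < n; i++) {
        uint64_t pad = rnd(remain / (n - i)) & ~(PUD_SIZE - 1);
        vaddr += pad;
        r[i].base = vaddr;
        vaddr += r[i].size;
        remain -= pad;
    }
    return true;
}

/* The boot-time check the mail asks for: vaddr_end must not reach into any
 * fixed area, and no randomised region may leave its window or overlap one.
 * Returns the number of violations; 0 means the layout is sane. */
static int check_layout(const struct region *r, size_t n,
                        uint64_t vaddr_start, uint64_t vaddr_end)
{
    int bad = 0;
    for (size_t f = 0; f < N_FIXED; f++)
        if (vaddr_end > fixed_areas[f].start) {
            fprintf(stderr, "WARNING: vaddr_end %#llx reaches into %s (%#llx)\n",
                    (unsigned long long)vaddr_end, fixed_areas[f].name,
                    (unsigned long long)fixed_areas[f].start);
            bad++;
        }
    for (size_t i = 0; i < n; i++) {
        uint64_t end = r[i].base + r[i].size;
        if (r[i].base < vaddr_start || end > vaddr_end) {
            fprintf(stderr, "WARNING: %s outside randomisation window\n", r[i].name);
            bad++;
        }
        for (size_t f = 0; f < N_FIXED; f++)
            if (overlaps(r[i].base, end, fixed_areas[f].start, fixed_areas[f].end)) {
                fprintf(stderr, "WARNING: %s at %#llx overlaps %s\n", r[i].name,
                        (unsigned long long)r[i].base, fixed_areas[f].name);
                bad++;
            }
    }
    return bad;
}

/* Lay out three placeholder regions for a given vaddr_end and check them.
 * Returns -1 if they do not fit, otherwise the violation count; optionally
 * reports where vmemmap (the last region) landed. */
static int run_scenario(uint64_t vaddr_end, rnd_fn rnd, uint64_t *vmemmap_base)
{
    struct region regs[] = {
        { "direct map", TB(64), 0 },  /* sizes are placeholders */
        { "vmalloc",    TB(32), 0 },
        { "vmemmap",    TB(1),  0 },
    };
    size_t n = sizeof regs / sizeof regs[0];
    if (!randomize_layout(regs, n, VADDR_START, vaddr_end, rnd))
        return -1;
    if (vmemmap_base)
        *vmemmap_base = regs[n - 1].base;
    return check_layout(regs, n, VADDR_START, vaddr_end);
}

int main(void)
{
    uint64_t vb = 0;
    int bad = run_scenario(GOOD_VADDR_END, rnd_max, &vb);
    printf("sane vaddr_end:  %d violations, vmemmap at %#llx\n", bad, (unsigned long long)vb);
    bad = run_scenario(BOGUS_VADDR_END, rnd_max, &vb);
    printf("bogus vaddr_end: %d violations, vmemmap at %#llx\n", bad, (unsigned long long)vb);
    return 0;
}
```

With the bogus vaddr_end and a maximal random draw, vmemmap is pushed up to the top of the window and lands on the LDT range (and, with these placeholder values, on cpu_entry_area as well); with a zero draw the regions stay low and nothing collides, yet the check still fires on vaddr_end itself. That second case is the point of the message: the misconfiguration should be reported at boot regardless of whether this particular randomization happened to hit anything.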