On Thu, 16 May 2024 at 16:59, Chaney, Ben <bchaney@xxxxxxxxxx> wrote:
>
> The 'nokaslr' flag does work around this issue, but using it has a few downsides.
>
> First, we would like the security benefit provided by ASLR. We wouldn't need to disable virtual KASLR, only physical KASLR.
> Also, this imposes a restriction on what memmaps are possible. It would then be required to have them offset from the beginning of the memory.
>

Relying on the KASLR code to move the kernel away from the base of RAM is rather risky - even when KASLR is in effect, the logic will fall back to placement at the base of memory if physical randomization is not possible for any reason.

> I also think there are a few other features that may be impacted by this, that were not addressed by the patch. crashkernel and pstore both probably need physical kaslr disabled as well.
>

Please reply to the patch if you have any comments on it. Thanks.