On 2020/02/10 13:11, whistlez...@riseup.net wrote:
> On Mon, Feb 10, 2020 at 09:45:06AM -0000, Stuart Henderson wrote:
> > On 2020-02-10, Janne Johansson <icepic...@gmail.com> wrote:
> > > On Sat, 8 Feb 2020 at 11:31, <whistlez...@riseup.net> wrote:
> > >
> > >> Hi,
> > >> I have some strange output from dmesg, what could it be?
> > >> At the following link I've posted some screenshots:
> > >> https://postimg.cc/gallery/1o4wsaw74/
> > >>
> > >
> > > dmesg is contained in a memory buffer with (hopefully) room for more than
> > > one dmesg, so you can get previous versions listed when you run it. If the
> > > memory gets slightly corrupted during reboots, I guess the "other" dmesgs
> > > can come out as garbage, based on how memory gets reused or reallocated in
> > > the time between reboot and next boot when the OS isn't in control of the
> > > RAM.
> > 
> > From the contents, this one looks like it was probably overwritten with
> > some UEFI code during boot.
> > 
> 
> Could it be a UEFI rootkit? Or something that tries, from UEFI, to inject
> code into the kernel?
> 
> 

I think it is probably normal operation of your machine. It just happened
to pick an area of memory where the old dmesg is located to use during
boot.

If bytes 0x063061 (MSG_MAGIC defined in sys/msgbuf.h) are present at the
right location then it is treated as a message buffer from a previous
boot. If the UEFI firmware (or BIOS or device boot code or whatever)
as part of its normal operations writes to memory somewhere after that
marker, but leaves the marker itself alone, it will still be treated as
valid.
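
A small model of the behaviour described in the last message, as an added example (not OpenBSD's code and not written by anyone in this thread): a marker-only check accepts a buffer whose contents were overwritten, and a printable-byte ratio serves as a quick triage check on such output. Only the MSG_MAGIC value comes from the message; the struct layout, field names, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MSG_MAGIC 0x063061L /* value quoted in the message above */
#define BUFSZ 64

/* Simplified model of a preserved message buffer; layout and names are assumed. */
struct model_msgbuf {
    long magic;       /* marker left in RAM by the previous boot */
    long len;         /* number of bytes used in data[] */
    char data[BUFSZ];
};

/* Marker-only check, as the message describes it: contents are not examined. */
int accepted_as_old_dmesg(const struct model_msgbuf *mb) { return mb->magic == MSG_MAGIC; }

/* Triage check: percentage of used bytes that look like console text. */
int printable_percent(const struct model_msgbuf *mb) {
    long i, ok = 0;
    if (mb->len <= 0 || mb->len > BUFSZ) return 0;
    for (i = 0; i < mb->len; i++) {
        unsigned char c = (unsigned char)mb->data[i];
        if ((c >= 0x20 && c <= 0x7e) || c == '\n' || c == '\t') ok++;
    }
    return (int)(ok * 100 / mb->len);
}

/* Constructed sample: a buffer holding two lines of boot text. */
struct model_msgbuf make_intact(void) {
    struct model_msgbuf mb = { MSG_MAGIC, 0, {0} };
    const char *s = "cpu0 at mainbus0\nroot on sd0a\n";
    mb.len = (long)strlen(s);
    memcpy(mb.data, s, (size_t)mb.len);
    return mb;
}

/* Same buffer after boot-time code overwrites data[] but leaves the marker alone. */
struct model_msgbuf make_clobbered(void) {
    struct model_msgbuf mb = make_intact();
    for (long i = 8; i < mb.len; i++)
        mb.data[i] = (char)(0x80 + i); /* constructed non-text bytes */
    return mb;
}

int main(void) {
    struct model_msgbuf a = make_intact(), b = make_clobbered();
    printf("intact:    accepted=%d text=%d%%\n", accepted_as_old_dmesg(&a), printable_percent(&a));
    printf("clobbered: accepted=%d text=%d%%\n", accepted_as_old_dmesg(&b), printable_percent(&b));
    return 0;
}
```

Both buffers pass the marker check; only the text ratio tells them apart, which is why garbage in an old dmesg says nothing by itself about what wrote it.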
