From: Rob Herring <robh@kernel.org>
To: Chen Wandun <chenwandun1@gmail.com>
Cc: kexec@lists.infradead.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, loongarch@lists.linux.dev,
linux-riscv@lists.infradead.org, devicetree@vger.kernel.org,
akpm@linux-foundation.org, bhe@redhat.com, rppt@kernel.org,
pasha.tatashin@soleen.com, pratyush@kernel.org,
ruirui.yang@linux.dev, corbet@lwn.net, skhan@linuxfoundation.org,
catalin.marinas@arm.com, will@kernel.org, chenhuacai@kernel.org,
kernel@xen0n.name, pjw@kernel.org, palmer@dabbelt.com,
aou@eecs.berkeley.edu, saravanak@kernel.org,
chenwandun@lixiang.com, zhaomeijing@lixiang.com,
everyzhao@126.com
Subject: Re: [PATCH 02/11] of: reserved_mem: reject reserved memory outside physical address range
Date: Tue, 5 May 2026 20:51:12 -0500
Message-ID: <20260506015112.GA286568-robh@kernel.org>
In-Reply-To: <20260429065831.1510858-3-chenwandun@lixiang.com>

On Wed, Apr 29, 2026 at 02:58:22PM +0800, Chen Wandun wrote:
> early_init_dt_reserve_memory() does not validate whether the region
> falls within physical memory. If a device tree incorrectly specifies a
> reserved memory region outside the physical address range:
>
> - For the non-nomap path, memblock_reserve() blindly adds the region
> to memblock.reserved, creating a stale entry that refers to
> non-existent memory.
>
> - For the nomap path, memblock_mark_nomap() silently fails to match
> any region in memblock.memory, but still returns success.
>
> Add a memblock_overlaps_region() check at the entry of
> early_init_dt_reserve_memory() to reject such regions before any
> memblock operation takes place. This also simplifies the existing nomap
> guard: the original "overlaps && is_reserved" condition reduces to just
> "is_reserved", since the overlap with physical memory is already
> guaranteed by the new check.

While I agree, I suspect we already have cases abusing reserved-memory
like this.

>
> Signed-off-by: Chen Wandun <chenwandun@lixiang.com>
> Tested-by: Zhao Meijing <zhaomeijing@lixiang.com>
> ---
> drivers/of/of_reserved_mem.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
> index 9d1b0193864c..03c676052dab 100644
> --- a/drivers/of/of_reserved_mem.c
> +++ b/drivers/of/of_reserved_mem.c
> @@ -112,14 +112,21 @@ static int fdt_fixup_reserved_mem_node(unsigned long node,
> static int __init early_init_dt_reserve_memory(phys_addr_t base,
> phys_addr_t size, bool nomap)
> {
> + if (!memblock_overlaps_region(&memblock.memory, base, size)) {
> + phys_addr_t end = base + size - 1;
> +
> + pr_warn("Reserved memory region %pa..%pa is outside of physical memory\n",
> + &base, &end);
> + return -EINVAL;
> + }
> +
> if (nomap) {
> /*
> * If the memory is already reserved (by another region), we
> - * should not allow it to be marked nomap, but don't worry
> - * if the region isn't memory as it won't be mapped.
> + * should not allow it to be marked nomap. The region being
> + * physical memory is guaranteed by the overlap check above.
> */
> - if (memblock_overlaps_region(&memblock.memory, base, size) &&
> - memblock_is_region_reserved(base, size))
> + if (memblock_is_region_reserved(base, size))
> return -EBUSY;
>
> return memblock_mark_nomap(base, size);
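
Review bot: the new entry check only rejects regions with no intersection at all, because memblock_overlaps_region(&memblock.memory, base, size) is true for any partial overlap, so a region that starts inside RAM and runs past its end still reaches memblock_reserve() or memblock_mark_nomap(). The rewritten comment in the nomap branch ("The region being physical memory is guaranteed by the overlap check above") and the warning text ("is outside of physical memory") both claim more than that. Either require the whole range to be contained in memblock.memory, or reword the comment and message to say the region does not overlap physical memory. Separately, end = base + size - 1 wraps if size is ever 0, which would make the printed range misleading.
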
> --
> 2.43.0
>