From: Mike Rapoport <rppt@kernel.org>
To: Pratyush Yadav <pratyush@kernel.org>
Cc: Alexander Graf <graf@amazon.com>,
	Changyuan Lyu <changyuanl@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Baoquan He <bhe@redhat.com>,
	Pasha Tatashin <pasha.tatashin@soleen.com>,
	Jason Gunthorpe <jgg@nvidia.com>, Chris Li <chrisl@kernel.org>,
	Jason Miu <jasonmiu@google.com>,
	linux-kernel@vger.kernel.org, kexec@lists.infradead.org,
	linux-mm@kvack.org
Subject: Re: [PATCH] kho: make sure folio being restored is actually from KHO
Date: Tue, 16 Sep 2025 17:37:19 +0300	[thread overview]
Message-ID: <aMl2H3BLpH3xFCOw@kernel.org> (raw)
In-Reply-To: <20250910153443.95049-1-pratyush@kernel.org>

On Wed, Sep 10, 2025 at 05:34:40PM +0200, Pratyush Yadav wrote:
> When restoring a folio using kho_restore_folio(), no sanity checks are
> done to make sure the folio actually came from a kexec handover. The
> caller is trusted to pass in the right address. If the caller has a bug
> and passes in a wrong address, an in-use folio might be "restored" and
> returned, causing all sorts of memory corruption.
> 
> Harden the folio restore logic by stashing a magic number in
> page->private along with the folio order. If the magic number does not
> match, the folio won't be touched. page->private is an unsigned long.
> The union kho_page_info splits it into two parts, with one holding the
> order and the other holding the magic number.

I think the sanity checks belong in the core kho_restore_page() function
and kho_restore_folio() should be a thin wrapper for that, at least until
we'd need to allocate struct folio there.
 
> Signed-off-by: Pratyush Yadav <pratyush@kernel.org>
> ---
>  kernel/kexec_handover.c | 29 ++++++++++++++++++++++++-----
>  1 file changed, 24 insertions(+), 5 deletions(-)

-- 
Sincerely yours,
Mike.
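The magic-number check that the quoted patch message describes, as an added illustration rather than the patch's own code: the two-half layout of union kho_page_info, the magic value, and the clearing of the marker on a successful restore are assumptions of this example, which also assumes a 64-bit unsigned long.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for struct page: only the private field matters here. */
struct page {
	unsigned long private;
};

/* Assumed layout, modelled on the patch description: page->private is
 * split into a folio order and a magic number. The magic value itself is
 * a constructed constant, not the kernel's. Both halves must fit. */
#define KHO_PAGE_MAGIC 0x4b484f50u /* constructed: "KHOP" */
_Static_assert(sizeof(unsigned long) == 2 * sizeof(uint32_t),
	       "example assumes a 64-bit unsigned long");

union kho_page_info {
	unsigned long page_private;
	struct {
		uint32_t order;
		uint32_t magic;
	} f;
};

/* Record in page->private that this page was handed over and its order. */
void kho_mark_preserved(struct page *page, unsigned int order)
{
	union kho_page_info info = { .f = { .order = order, .magic = KHO_PAGE_MAGIC } };
	page->private = info.page_private;
}

/* Return the order if the page carries the KHO magic, or -1 if it does not,
 * so a caller that passes a wrong address gets a refusal instead of an
 * in-use page being "restored". Clearing the marker afterwards (an
 * assumption of this example) makes a second restore of the same page fail. */
int kho_check_page(struct page *page)
{
	union kho_page_info info = { .page_private = page->private };
	if (info.f.magic != KHO_PAGE_MAGIC)
		return -1;
	page->private = 0;
	return (int)info.f.order;
}

/* Exercise both paths; returns 1 when the check behaves as intended. */
int kho_check_demo(void)
{
	struct page good = { 0 }, stray = { .private = 3 }; /* stray: never marked */
	kho_mark_preserved(&good, 3);
	int a = kho_check_page(&good);  /* 3: marked page restores */
	int b = kho_check_page(&good);  /* -1: marker cleared, second restore refused */
	int c = kho_check_page(&stray); /* -1: plausible order but no magic */
	return a == 3 && b == -1 && c == -1;
}
```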

