[PATCH 1/2] kernel/kexec: Change the prototype of kimage_map_segment()

[PATCH 1/2] kernel/kexec: Change the prototype of kimage_map_segment()

[Pingfan Liu]

The kexec segment index will be required to extract the corresponding
information for that segment in kimage_map_segment(). Additionally,
kexec_segment already holds the kexec relocation destination address and
size. Therefore, the prototype of kimage_map_segment() can be changed.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Steven Chen <chenste@linux.microsoft.com>
To: kexec@lists.infradead.org
To: linux-integrity@vger.kernel.org
---
 include/linux/kexec.h              | 4 ++--
 kernel/kexec_core.c                | 9 ++++++---
 security/integrity/ima/ima_kexec.c | 4 +---
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index ff7e231b0485..8a22bc9b8c6c 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -530,7 +530,7 @@ extern bool kexec_file_dbg_print;
 #define kexec_dprintk(fmt, arg...) \
         do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0)
 
-extern void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size);
+extern void *kimage_map_segment(struct kimage *image, int idx);
 extern void kimage_unmap_segment(void *buffer);
 #else /* !CONFIG_KEXEC_CORE */
 struct pt_regs;
@@ -540,7 +540,7 @@ static inline void __crash_kexec(struct pt_regs *regs) { }
 static inline void crash_kexec(struct pt_regs *regs) { }
 static inline int kexec_should_crash(struct task_struct *p) { return 0; }
 static inline int kexec_crash_loaded(void) { return 0; }
-static inline void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size)
+static inline void *kimage_map_segment(struct kimage *image, int idx)
 { return NULL; }
 static inline void kimage_unmap_segment(void *buffer) { }
 #define kexec_in_progress false
diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index fa00b239c5d9..9a1966207041 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -960,17 +960,20 @@ int kimage_load_segment(struct kimage *image, int idx)
 	return result;
 }
 
-void *kimage_map_segment(struct kimage *image,
-			 unsigned long addr, unsigned long size)
+void *kimage_map_segment(struct kimage *image, int idx)
 {
+	unsigned long addr, size, eaddr;
 	unsigned long src_page_addr, dest_page_addr = 0;
-	unsigned long eaddr = addr + size;
 	kimage_entry_t *ptr, entry;
 	struct page **src_pages;
 	unsigned int npages;
 	void *vaddr = NULL;
 	int i;
 
+	addr = image->segment[idx].mem;
+	size = image->segment[idx].memsz;
+	eaddr = addr + size;
+
 	/*
 	 * Collect the source pages and map them in a contiguous VA range.
 	 */
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 7362f68f2d8b..5beb69edd12f 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -250,9 +250,7 @@ void ima_kexec_post_load(struct kimage *image)
 	if (!image->ima_buffer_addr)
 		return;
 
-	ima_kexec_buffer = kimage_map_segment(image,
-					      image->ima_buffer_addr,
-					      image->ima_buffer_size);
+	ima_kexec_buffer = kimage_map_segment(image, image->ima_segment_index);
 	if (!ima_kexec_buffer) {
 		pr_err("Could not map measurements buffer.\n");
 		return;
-- 
2.49.0

[PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Pingfan Liu]

When I tested kexec with the latest kernel, I ran into the following warning:

[   40.712410] ------------[ cut here ]------------
[   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
[...]
[   40.816047] Call trace:
[   40.818498]  kimage_map_segment+0x144/0x198 (P)
[   40.823221]  ima_kexec_post_load+0x58/0xc0
[   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
[...]
[   40.855423] ---[ end trace 0000000000000000 ]---

This is caused by the fact that kexec allocates the destination directly
in the CMA area. In that case, the CMA kernel address should be exported
directly to the IMA component, instead of using the vmalloc'd address.

Signed-off-by: Pingfan Liu <piliu@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Steven Chen <chenste@linux.microsoft.com>
Cc: linux-integrity@vger.kernel.org
To: kexec@lists.infradead.org
---
 kernel/kexec_core.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index 9a1966207041..abe40286a02c 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
 	kimage_entry_t *ptr, entry;
 	struct page **src_pages;
 	unsigned int npages;
+	struct page *cma;
 	void *vaddr = NULL;
 	int i;
 
@@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
 	size = image->segment[idx].memsz;
 	eaddr = addr + size;
 
+	cma = image->segment_cma[idx];
+	if (cma)
+		return cma;
 	/*
 	 * Collect the source pages and map them in a contiguous VA range.
 	 */
@@ -1014,7 +1018,8 @@ void *kimage_map_segment(struct kimage *image, int idx)
 
 void kimage_unmap_segment(void *segment_buffer)
 {
-	vunmap(segment_buffer);
+	if (is_vmalloc_addr(segment_buffer))
+		vunmap(segment_buffer);
 }
 
 struct kexec_load_limit {
-- 
2.49.0

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Andrew Morton]

On Wed,  5 Nov 2025 21:09:22 +0800 Pingfan Liu <piliu@redhat.com> wrote:

> When I tested kexec with the latest kernel, I ran into the following warning:
> 
> [   40.712410] ------------[ cut here ]------------
> [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> [...]
> [   40.816047] Call trace:
> [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> [   40.823221]  ima_kexec_post_load+0x58/0xc0
> [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> [...]
> [   40.855423] ---[ end trace 0000000000000000 ]---
> 
> This is caused by the fact that kexec allocates the destination directly
> in the CMA area. In that case, the CMA kernel address should be exported
> directly to the IMA component, instead of using the vmalloc'd address.

This is something we should backport into tearlier kernels.

> Signed-off-by: Pingfan Liu <piliu@redhat.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Baoquan He <bhe@redhat.com>
> Cc: Alexander Graf <graf@amazon.com>
> Cc: Steven Chen <chenste@linux.microsoft.com>
> Cc: linux-integrity@vger.kernel.org
> To: kexec@lists.infradead.org

So I'm thinking we should add

Fixes: 0091d9241ea2 ("kexec: define functions to map and unmap segments")
Cc: <stable@vger.kernel.org>

yes?

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Pingfan Liu]

On Thu, Nov 6, 2025 at 8:14 AM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Wed,  5 Nov 2025 21:09:22 +0800 Pingfan Liu <piliu@redhat.com> wrote:
>
> > When I tested kexec with the latest kernel, I ran into the following warning:
> >
> > [   40.712410] ------------[ cut here ]------------
> > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > [...]
> > [   40.816047] Call trace:
> > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > [...]
> > [   40.855423] ---[ end trace 0000000000000000 ]---
> >
> > This is caused by the fact that kexec allocates the destination directly
> > in the CMA area. In that case, the CMA kernel address should be exported
> > directly to the IMA component, instead of using the vmalloc'd address.
>
> This is something we should backport into tearlier kernels.
>
> > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > Cc: Baoquan He <bhe@redhat.com>
> > Cc: Alexander Graf <graf@amazon.com>
> > Cc: Steven Chen <chenste@linux.microsoft.com>
> > Cc: linux-integrity@vger.kernel.org
> > To: kexec@lists.infradead.org
>
> So I'm thinking we should add
>
> Fixes: 0091d9241ea2 ("kexec: define functions to map and unmap segments")
> Cc: <stable@vger.kernel.org>
>
> yes?
>

Yes, it should be. Thanks for your help!


Best Regards,

Pingfan

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Pingfan Liu]

Hi Andrew,

Thanks for your help, but on second thought, I think the Fixes commit is wrong.

On Thu, Nov 6, 2025 at 8:14 AM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Wed,  5 Nov 2025 21:09:22 +0800 Pingfan Liu <piliu@redhat.com> wrote:
>
> > When I tested kexec with the latest kernel, I ran into the following warning:
> >
> > [   40.712410] ------------[ cut here ]------------
> > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > [...]
> > [   40.816047] Call trace:
> > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > [...]
> > [   40.855423] ---[ end trace 0000000000000000 ]---
> >
> > This is caused by the fact that kexec allocates the destination directly
> > in the CMA area. In that case, the CMA kernel address should be exported
> > directly to the IMA component, instead of using the vmalloc'd address.
>
> This is something we should backport into tearlier kernels.
>
> > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > Cc: Baoquan He <bhe@redhat.com>
> > Cc: Alexander Graf <graf@amazon.com>
> > Cc: Steven Chen <chenste@linux.microsoft.com>
> > Cc: linux-integrity@vger.kernel.org
> > To: kexec@lists.infradead.org
>
> So I'm thinking we should add
>
> Fixes: 0091d9241ea2 ("kexec: define functions to map and unmap segments")
Should be:
Fixes: 07d24902977e ("kexec: enable CMA based contiguous allocation")

Because 07d24902977e came after 0091d9241ea2 and introduced this issue.

Thanks,

Pingfan

> Cc: <stable@vger.kernel.org>
>
> yes?
>

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Andrew Morton]

On Thu, 6 Nov 2025 10:57:33 +0800 Pingfan Liu <piliu@redhat.com> wrote:

> > > This is caused by the fact that kexec allocates the destination directly
> > > in the CMA area. In that case, the CMA kernel address should be exported
> > > directly to the IMA component, instead of using the vmalloc'd address.
> >
> > This is something we should backport into tearlier kernels.
> >
> > > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > Cc: Baoquan He <bhe@redhat.com>
> > > Cc: Alexander Graf <graf@amazon.com>
> > > Cc: Steven Chen <chenste@linux.microsoft.com>
> > > Cc: linux-integrity@vger.kernel.org
> > > To: kexec@lists.infradead.org
> >
> > So I'm thinking we should add
> >
> > Fixes: 0091d9241ea2 ("kexec: define functions to map and unmap segments")
> Should be:
> Fixes: 07d24902977e ("kexec: enable CMA based contiguous allocation")
> 
> Because 07d24902977e came after 0091d9241ea2 and introduced this issue.

Thanks, I updated the mm.git copy of this patch.

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Baoquan He]

Hi Pingfan,

On 11/05/25 at 09:09pm, Pingfan Liu wrote:
> When I tested kexec with the latest kernel, I ran into the following warning:
> 
> [   40.712410] ------------[ cut here ]------------
> [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> [...]
> [   40.816047] Call trace:
> [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> [   40.823221]  ima_kexec_post_load+0x58/0xc0
> [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> [...]
> [   40.855423] ---[ end trace 0000000000000000 ]---
> 
> This is caused by the fact that kexec allocates the destination directly
> in the CMA area. In that case, the CMA kernel address should be exported
> directly to the IMA component, instead of using the vmalloc'd address.
> 
> Signed-off-by: Pingfan Liu <piliu@redhat.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Baoquan He <bhe@redhat.com>
> Cc: Alexander Graf <graf@amazon.com>
> Cc: Steven Chen <chenste@linux.microsoft.com>
> Cc: linux-integrity@vger.kernel.org
> To: kexec@lists.infradead.org
> ---
>  kernel/kexec_core.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> index 9a1966207041..abe40286a02c 100644
> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
>  	kimage_entry_t *ptr, entry;
>  	struct page **src_pages;
>  	unsigned int npages;
> +	struct page *cma;
>  	void *vaddr = NULL;
>  	int i;
>  
> @@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
>  	size = image->segment[idx].memsz;
>  	eaddr = addr + size;
>  
> +	cma = image->segment_cma[idx];

Thanks for your fix. But I totally can't get what you are doing. The idx
passed into kimage_map_segment() could index image->segment[], and can
index image->segment_cma[], could you reconsider and make the code more
reasonable?

> +	if (cma)
> +		return cma;
>  	/*
>  	 * Collect the source pages and map them in a contiguous VA range.
>  	 */
> @@ -1014,7 +1018,8 @@ void *kimage_map_segment(struct kimage *image, int idx)
>  
>  void kimage_unmap_segment(void *segment_buffer)
>  {
> -	vunmap(segment_buffer);
> +	if (is_vmalloc_addr(segment_buffer))
> +		vunmap(segment_buffer);
>  }
>  
>  struct kexec_load_limit {
> -- 
> 2.49.0
> 

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Pingfan Liu]

Hi Baoquan,

Thanks for your review. Please see the comment below.

On Thu, Nov 6, 2025 at 10:04 AM Baoquan He <bhe@redhat.com> wrote:
>
> Hi Pingfan,
>
> On 11/05/25 at 09:09pm, Pingfan Liu wrote:
> > When I tested kexec with the latest kernel, I ran into the following warning:
> >
> > [   40.712410] ------------[ cut here ]------------
> > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > [...]
> > [   40.816047] Call trace:
> > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > [...]
> > [   40.855423] ---[ end trace 0000000000000000 ]---
> >
> > This is caused by the fact that kexec allocates the destination directly
> > in the CMA area. In that case, the CMA kernel address should be exported
> > directly to the IMA component, instead of using the vmalloc'd address.
> >
> > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > Cc: Baoquan He <bhe@redhat.com>
> > Cc: Alexander Graf <graf@amazon.com>
> > Cc: Steven Chen <chenste@linux.microsoft.com>
> > Cc: linux-integrity@vger.kernel.org
> > To: kexec@lists.infradead.org
> > ---
> >  kernel/kexec_core.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> > index 9a1966207041..abe40286a02c 100644
> > --- a/kernel/kexec_core.c
> > +++ b/kernel/kexec_core.c
> > @@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
> >       kimage_entry_t *ptr, entry;
> >       struct page **src_pages;
> >       unsigned int npages;
> > +     struct page *cma;
> >       void *vaddr = NULL;
> >       int i;
> >
> > @@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
> >       size = image->segment[idx].memsz;
> >       eaddr = addr + size;
> >
> > +     cma = image->segment_cma[idx];
>
> Thanks for your fix. But I totally can't get what you are doing. The idx
> passed into kimage_map_segment() could index image->segment[], and can
> index image->segment_cma[], could you reconsider and make the code more
> reasonable?
>

Since idx can index both image->segment[] and segment_cma[], the
behavior differs based on whether segment_cma[idx] is NULL:

- If segment_cma[idx] is not NULL, it points directly to the final
target location, eliminating the need for data copying that
traditional kexec relocation requires.
- If segment_cma[idx] is NULL, the segment relies on the traditional
kexec relocation code to copy its data.


Thanks,

Pingfan


> > +     if (cma)
> > +             return cma;
> >       /*
> >        * Collect the source pages and map them in a contiguous VA range.
> >        */
> > @@ -1014,7 +1018,8 @@ void *kimage_map_segment(struct kimage *image, int idx)
> >
> >  void kimage_unmap_segment(void *segment_buffer)
> >  {
> > -     vunmap(segment_buffer);
> > +     if (is_vmalloc_addr(segment_buffer))
> > +             vunmap(segment_buffer);
> >  }
> >
> >  struct kexec_load_limit {
> > --
> > 2.49.0
> >
>

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Baoquan He]

On 11/06/25 at 10:33am, Pingfan Liu wrote:
> Hi Baoquan,
> 
> Thanks for your review. Please see the comment below.
> 
> On Thu, Nov 6, 2025 at 10:04 AM Baoquan He <bhe@redhat.com> wrote:
> >
> > Hi Pingfan,
> >
> > On 11/05/25 at 09:09pm, Pingfan Liu wrote:
> > > When I tested kexec with the latest kernel, I ran into the following warning:
> > >
> > > [   40.712410] ------------[ cut here ]------------
> > > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > > [...]
> > > [   40.816047] Call trace:
> > > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > > [...]
> > > [   40.855423] ---[ end trace 0000000000000000 ]---
> > >
> > > This is caused by the fact that kexec allocates the destination directly
> > > in the CMA area. In that case, the CMA kernel address should be exported
> > > directly to the IMA component, instead of using the vmalloc'd address.
> > >
> > > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > Cc: Baoquan He <bhe@redhat.com>
> > > Cc: Alexander Graf <graf@amazon.com>
> > > Cc: Steven Chen <chenste@linux.microsoft.com>
> > > Cc: linux-integrity@vger.kernel.org
> > > To: kexec@lists.infradead.org
> > > ---
> > >  kernel/kexec_core.c | 7 ++++++-
> > >  1 file changed, 6 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> > > index 9a1966207041..abe40286a02c 100644
> > > --- a/kernel/kexec_core.c
> > > +++ b/kernel/kexec_core.c
> > > @@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > >       kimage_entry_t *ptr, entry;
> > >       struct page **src_pages;
> > >       unsigned int npages;
> > > +     struct page *cma;
> > >       void *vaddr = NULL;
> > >       int i;
> > >
> > > @@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > >       size = image->segment[idx].memsz;
> > >       eaddr = addr + size;
> > >
> > > +     cma = image->segment_cma[idx];
> >
> > Thanks for your fix. But I totally can't get what you are doing. The idx
> > passed into kimage_map_segment() could index image->segment[], and can
> > index image->segment_cma[], could you reconsider and make the code more
> > reasonable?
> >
> 
> Since idx can index both image->segment[] and segment_cma[], the
> behavior differs based on whether segment_cma[idx] is NULL:
> 
> - If segment_cma[idx] is not NULL, it points directly to the final
> target location, eliminating the need for data copying that
> traditional kexec relocation requires.
> - If segment_cma[idx] is NULL, the segment relies on the traditional
> kexec relocation code to copy its data.

I see, thanks. While image->segment_cma[idx] records the struct page of
the relevant cma area, but not virtual address. Is it OK for IMA later
to update? ima_kexec_buffer is supposed to be a virtual address,
wondering how IMA behaved in this case.

Re: [PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

[Pingfan Liu]

On Thu, Nov 6, 2025 at 11:22 AM Baoquan He <bhe@redhat.com> wrote:
>
> On 11/06/25 at 10:33am, Pingfan Liu wrote:
> > Hi Baoquan,
> >
> > Thanks for your review. Please see the comment below.
> >
> > On Thu, Nov 6, 2025 at 10:04 AM Baoquan He <bhe@redhat.com> wrote:
> > >
> > > Hi Pingfan,
> > >
> > > On 11/05/25 at 09:09pm, Pingfan Liu wrote:
> > > > When I tested kexec with the latest kernel, I ran into the following warning:
> > > >
> > > > [   40.712410] ------------[ cut here ]------------
> > > > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > > > [...]
> > > > [   40.816047] Call trace:
> > > > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > > > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > > > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > > > [...]
> > > > [   40.855423] ---[ end trace 0000000000000000 ]---
> > > >
> > > > This is caused by the fact that kexec allocates the destination directly
> > > > in the CMA area. In that case, the CMA kernel address should be exported
> > > > directly to the IMA component, instead of using the vmalloc'd address.
> > > >
> > > > Signed-off-by: Pingfan Liu <piliu@redhat.com>
> > > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > > Cc: Baoquan He <bhe@redhat.com>
> > > > Cc: Alexander Graf <graf@amazon.com>
> > > > Cc: Steven Chen <chenste@linux.microsoft.com>
> > > > Cc: linux-integrity@vger.kernel.org
> > > > To: kexec@lists.infradead.org
> > > > ---
> > > >  kernel/kexec_core.c | 7 ++++++-
> > > >  1 file changed, 6 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> > > > index 9a1966207041..abe40286a02c 100644
> > > > --- a/kernel/kexec_core.c
> > > > +++ b/kernel/kexec_core.c
> > > > @@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > > >       kimage_entry_t *ptr, entry;
> > > >       struct page **src_pages;
> > > >       unsigned int npages;
> > > > +     struct page *cma;
> > > >       void *vaddr = NULL;
> > > >       int i;
> > > >
> > > > @@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > > >       size = image->segment[idx].memsz;
> > > >       eaddr = addr + size;
> > > >
> > > > +     cma = image->segment_cma[idx];
> > >
> > > Thanks for your fix. But I totally can't get what you are doing. The idx
> > > passed into kimage_map_segment() could index image->segment[], and can
> > > index image->segment_cma[], could you reconsider and make the code more
> > > reasonable?
> > >
> >
> > Since idx can index both image->segment[] and segment_cma[], the
> > behavior differs based on whether segment_cma[idx] is NULL:
> >
> > - If segment_cma[idx] is not NULL, it points directly to the final
> > target location, eliminating the need for data copying that
> > traditional kexec relocation requires.
> > - If segment_cma[idx] is NULL, the segment relies on the traditional
> > kexec relocation code to copy its data.
>
> I see, thanks. While image->segment_cma[idx] records the struct page of
> the relevant cma area, but not virtual address. Is it OK for IMA later

Oops. It requires page_address(page) to convert the address. I will
send out V2 to fix it.

Thanks,

Pingfan