From: Baoquan He <bhe@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
pjw@kernel.org, leitao@debian.org
Cc: Yeoreum Yun <yeoreum.yun@arm.com>,
catalin.marinas@arm.com, will@kernel.org, leitao@debian.org,
coxu@redhat.com, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64: kernel: initialize missing kexec_buf->random field
Date: Fri, 28 Nov 2025 08:17:21 +0800 [thread overview]
Message-ID: <aSjqEQDv7V79V3Na@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20251127113706.d89a84f277dab3ad273dde75@linux-foundation.org>
On 11/27/25 at 11:37am, Andrew Morton wrote:
> On Thu, 27 Nov 2025 18:26:44 +0000 Yeoreum Yun <yeoreum.yun@arm.com> wrote:
>
> > Commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> > introduced the kexec_buf->random field to enable random placement of
> > kexec_buf.
> >
> > However, this field was never properly initialized for kexec images
> > that do not need to be placed randomly, leading to the following UBSAN
> > warning:
> >
> > [ +0.364528] ------------[ cut here ]------------
> > [ +0.000019] UBSAN: invalid-load in ./include/linux/kexec.h:210:12
> > [ +0.000131] load of value 2 is not a valid value for type 'bool' (aka '_Bool')
> > [ +0.000003] CPU: 4 UID: 0 PID: 927 Comm: kexec Not tainted 6.18.0-rc7+ #3 PREEMPT(full)
> > [ +0.000002] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
> > [ +0.000000] Call trace:
> > [ +0.000001] show_stack+0x24/0x40 (C)
> > [ +0.000006] __dump_stack+0x28/0x48
> > [ +0.000002] dump_stack_lvl+0x7c/0xb0
> > [ +0.000002] dump_stack+0x18/0x34
> > [ +0.000001] ubsan_epilogue+0x10/0x50
> > [ +0.000002] __ubsan_handle_load_invalid_value+0xc8/0xd0
> > [ +0.000003] locate_mem_hole_callback+0x28c/0x2a0
> > [ +0.000003] kexec_locate_mem_hole+0xf4/0x2f0
> > [ +0.000001] kexec_add_buffer+0xa8/0x178
> > [ +0.000002] image_load+0xf0/0x258
> > [ +0.000001] __arm64_sys_kexec_file_load+0x510/0x718
> > [ +0.000002] invoke_syscall+0x68/0xe8
> > [ +0.000001] el0_svc_common+0xb0/0xf8
> > [ +0.000002] do_el0_svc+0x28/0x48
> > [ +0.000001] el0_svc+0x40/0xe8
> > [ +0.000002] el0t_64_sync_handler+0x84/0x140
> > [ +0.000002] el0t_64_sync+0x1bc/0x1c0
> >
> > To address this, initialise kexec_buf->random field properly.
> >
> > Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
>
> Thanks, I'll add a cc:stable to this.
This has been fixed in below series from Breno Leitao.
[PATCH 0/3] kexec: Fix invalid field access
https://lore.kernel.org/all/20250827-kbuf_all-v1-0-1df9882bb01a@debian.org/T/#u
And Paul Walmsley said he has merged the series to riscv/linux.git.
While I can only see the patch for risc-v. The other two are missing.
95c54cd9c769 riscv: kexec: Initialize kexec_buf struct
next prev parent reply other threads:[~2025-11-28 0:17 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-27 18:26 [PATCH] arm64: kernel: initialize missing kexec_buf->random field Yeoreum Yun
2025-11-27 19:37 ` Andrew Morton
2025-11-28 0:17 ` Baoquan He [this message]
2025-11-28 8:29 ` Yeoreum Yun
2025-11-28 13:55 ` Breno Leitao
2025-11-28 14:01 ` Mark Rutland
2025-12-01 2:50 ` Baoquan He
2025-12-01 9:53 ` Breno Leitao
2025-12-01 10:36 ` Yeoreum Yun
2025-12-01 9:54 ` Mark Rutland
2025-11-28 18:31 ` Andrew Morton
2025-11-28 12:16 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSjqEQDv7V79V3Na@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=coxu@redhat.com \
--cc=leitao@debian.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pjw@kernel.org \
--cc=will@kernel.org \
--cc=yeoreum.yun@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.