From: Baoquan He <bhe@redhat.com>
To: Li Chen <me@linux.beauty>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Eric Biggers <ebiggers@kernel.org>,
Steven Chen <chenste@linux.microsoft.com>,
Alexander Graf <graf@amazon.com>,
Sourabh Jain <sourabhjain@linux.ibm.com>,
Philipp Rudo <prudo@redhat.com>,
"Steven Rostedt (Google)" <rostedt@goodmis.org>,
Ricardo Ribalda <ribalda@chromium.org>,
Ross Zwisler <zwisler@google.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] kexec: derive purgatory entry from symbol
Date: Tue, 27 Jan 2026 13:49:20 +0800
Message-ID: <aXhRqvzeX2tUGvia@MiWiFi-R3L-srv>
In-Reply-To: <20260120124005.148381-1-me@linux.beauty>

Hi Li Chen,

On 01/20/26 at 08:40pm, Li Chen wrote:
> kexec_load_purgatory() derives image->start by locating e_entry inside an
> SHF_EXECINSTR section. If the purgatory object contains multiple executable
> sections with overlapping sh_addr, the entrypoint check can match more than
> once and trigger a WARN.
>
> Derive the entry section from the purgatory_start symbol when present and
> compute image->start from its final placement. Keep the existing e_entry
> fallback for purgatories that do not expose the symbol.
>
> WARNING: kernel/kexec_file.c:1009 at kexec_load_purgatory+0x395/0x3c0, CPU#10: kexec/1784
> Call Trace:
> <TASK>
> bzImage64_load+0x133/0xa00
> __do_sys_kexec_file_load+0x2b3/0x5c0
> do_syscall_64+0x81/0x610
> entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> Fixes: 8652d44f466a ("kexec: support purgatories with .text.hot sections")
> Signed-off-by: Li Chen <me@linux.beauty>

Thanks for fixing the issue. Could you tell me how we can trigger this
issue so that I can reproduce it?

> ---
> kernel/kexec_file.c | 24 ++++++++++++++++++++++--
> 1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 3f1d6c4e8ff2..d3c68c6b4bbc 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -880,6 +880,8 @@ static int kexec_calculate_store_digests(struct kimage *image)
> }
>
> #ifdef CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY
> +static const Elf_Sym * kexec_purgatory_find_symbol(struct purgatory_info *pi,
> + const char *name);

Here, is it better to move the whole function body of
kexec_purgatory_find_symbol() here so that kexec_purgatory_setup_sechdrs()
can see it too?

Other than the concerns about how to reproduce it and the one above, this
patch looks good to me.

Thanks
Baoquan

> /*
> * kexec_purgatory_setup_kbuf - prepare buffer to load purgatory.
> * @pi: Purgatory to be loaded.
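Review bot: the added forward declaration writes `static const Elf_Sym * kexec_purgatory_find_symbol(` with a space between the asterisk and the function name; kernel coding style attaches the `*` to the name. The declaration also sits directly between `#ifdef CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY` and the kernel-doc comment with no blank line after it. Moving the definition up, as asked above, would make both points moot.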
> @@ -958,6 +960,10 @@ static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi,
> unsigned long offset;
> size_t sechdrs_size;
> Elf_Shdr *sechdrs;
> + const Elf_Sym *entry_sym;
> + u16 entry_shndx = 0;
> + unsigned long entry_off = 0;
> + bool start_fixed = false;
> int i;
>
> /*
> @@ -975,6 +981,12 @@ static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi,
> bss_addr = kbuf->mem + kbuf->bufsz;
> kbuf->image->start = pi->ehdr->e_entry;
>
> + entry_sym = kexec_purgatory_find_symbol(pi, "purgatory_start");
> + if (entry_sym) {
> + entry_shndx = entry_sym->st_shndx;
> + entry_off = entry_sym->st_value;
> + }
> +
> for (i = 0; i < pi->ehdr->e_shnum; i++) {
> unsigned long align;
> void *src, *dst;
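Review bot: the `purgatory_start` lookup added after `kbuf->image->start = pi->ehdr->e_entry;` carries no comment, so a reader of the function cannot tell that the symbol is the preferred source and `e_entry` only the fallback; that reasoning lives only in the commit message. A short comment above `entry_sym = kexec_purgatory_find_symbol(...)` would record it, and could also state that `st_value` is treated as an offset into section `st_shndx`, which the later `entry_off < sechdrs[i].sh_size` test relies on.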
> @@ -992,6 +1004,13 @@ static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi,
>
> offset = ALIGN(offset, align);
>
> + if (!start_fixed && entry_sym && i == entry_shndx &&
> + (sechdrs[i].sh_flags & SHF_EXECINSTR) &&
> + entry_off < sechdrs[i].sh_size) {
> + kbuf->image->start = kbuf->mem + offset + entry_off;
> + start_fixed = true;
> + }
> +
> /*
> * Check if the segment contains the entry point, if so,
> * calculate the value of image->start based on it.
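Review bot: in the new `if (!start_fixed && entry_sym && i == entry_shndx && ...)` block, a `purgatory_start` symbol that is found but whose section lacks SHF_EXECINSTR, or whose `entry_off` is not below `sh_size`, is skipped without any message, and the code falls through to the `e_entry` range match below. A symbol that fails those tests points at a malformed purgatory, so a pr_debug() or pr_warn_once() at that point would make the fallback visible instead of silent. The block also needs a one-line comment, since the existing comment that follows it describes only the `e_entry` path.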
> @@ -1002,13 +1021,14 @@ static int kexec_purgatory_setup_sechdrs(struct purgatory_info *pi,
> * is not set to the initial value, and warn the user so they
> * have a chance to fix their purgatory's linker script.
> */
> - if (sechdrs[i].sh_flags & SHF_EXECINSTR &&
> + if (!start_fixed && sechdrs[i].sh_flags & SHF_EXECINSTR &&
> pi->ehdr->e_entry >= sechdrs[i].sh_addr &&
> pi->ehdr->e_entry < (sechdrs[i].sh_addr
> + sechdrs[i].sh_size) &&
> - !WARN_ON(kbuf->image->start != pi->ehdr->e_entry)) {
> + kbuf->image->start == pi->ehdr->e_entry) {
> kbuf->image->start -= sechdrs[i].sh_addr;
> kbuf->image->start += kbuf->mem + offset;
> + start_fixed = true;
> }
>
> src = (void *)pi->ehdr + sechdrs[i].sh_offset;
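Review bot: the comment kept above the `e_entry` test still says to "warn the user so they have a chance to fix their purgatory's linker script", but this hunk replaces `!WARN_ON(kbuf->image->start != pi->ehdr->e_entry)` with a plain comparison, so a second matching section is now ignored silently and the comment is stale. Either update the comment or keep a one-time warning for the multiple-match case. With `!start_fixed` now leading the condition, `kbuf->image->start == pi->ehdr->e_entry` also looks always true on the visible paths and could be dropped, and `sechdrs[i].sh_flags & SHF_EXECINSTR` is left unparenthesised here while the block added above parenthesises it.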
> --
> 2.52.0
>
>
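
A user-space model of the two entry-selection rules discussed in the quoted commit message, added here as an illustration; it is not code from the patch or from the kernel. The section table, sizes and the `mem` base address are constructed, and `entry_matches()` and `entry_from_symbol()` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SHF_EXECINSTR 0x4u
/* Stand-in for the Elf_Shdr fields the loader reads (simplified). */
struct sec { uint64_t sh_addr, sh_size, sh_flags; };
/* Constructed layout: two executable sections whose sh_addr ranges overlap. */
static const struct sec secs[] = {
	{ 0, 0x40, SHF_EXECINSTR },	/* .text */
	{ 0, 0x20, SHF_EXECINSTR },	/* .text.hot */
	{ 0, 0x10, 0 },			/* .data */
};
#define NSECS (sizeof(secs) / sizeof(secs[0]))

/* e_entry range rule: count executable sections that contain e_entry. */
static int entry_matches(uint64_t e_entry)
{
	int n = 0;
	for (size_t i = 0; i < NSECS; i++)
		if ((secs[i].sh_flags & SHF_EXECINSTR) &&
		    e_entry >= secs[i].sh_addr &&
		    e_entry < secs[i].sh_addr + secs[i].sh_size)
			n++;
	return n;
}

/* Symbol rule: a (section index, offset) pair selects at most one section. */
static bool entry_from_symbol(uint16_t shndx, uint64_t off, uint64_t mem,
			      uint64_t *start)
{
	uint64_t offset = 0;	/* running placement offset; alignment omitted */
	for (size_t i = 0; i < NSECS; i++) {
		if (i == shndx && (secs[i].sh_flags & SHF_EXECINSTR) &&
		    off < secs[i].sh_size) {
			*start = mem + offset + off;
			return true;
		}
		offset += secs[i].sh_size;
	}
	return false;
}

int main(void)
{
	uint64_t start = 0;
	bool ok = entry_from_symbol(1, 0x8, 0x1000, &start);
	printf("e_entry 0x10 matches %d sections; symbol ok=%d start=0x%llx\n",
	       entry_matches(0x10), ok, (unsigned long long)start);
	return 0;
}
```

An `e_entry` value inside both overlapping ranges matches twice, which is the condition the old WARN_ON reported, while the symbol rule yields a single address or rejects the symbol outright.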