* [PATCH 1/3] arm64: kexec: Initialize kexec_buf struct in load_other_segments()
2025-08-27 10:42 [PATCH 0/3] kexec: Fix invalid field access Breno Leitao
@ 2025-08-27 10:42 ` Breno Leitao
2025-08-27 10:42 ` [PATCH 2/3] riscv: kexec: Initialize kexec_buf struct Breno Leitao
` (3 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Breno Leitao @ 2025-08-27 10:42 UTC (permalink / raw)
To: Catalin Marinas, Will Deacon, Andrew Morton, Baoquan He, Coiby Xu,
Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle
Cc: linux-arm-kernel, linux-kernel, linux-riscv, linux-s390,
Breno Leitao, kernel-team
The kexec_buf structure was previously declared without initialization.
commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
added a field that is always read but not consistently populated by all
architectures. This un-initialized field will contain garbage.
This is also triggering a UBSAN warning when the uninitialized data was
accessed:
------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'
Zero-initializing kexec_buf at declaration ensures all fields are
cleanly set, preventing future instances of uninitialized memory being
used.
Signed-off-by: Breno Leitao <leitao@debian.org>
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
---
arch/arm64/kernel/machine_kexec_file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index af1ca875c52ce..410060ebd86df 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -94,7 +94,7 @@ int load_other_segments(struct kimage *image,
char *initrd, unsigned long initrd_len,
char *cmdline)
{
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
void *dtb = NULL;
unsigned long initrd_load_addr = 0, dtb_len,
orig_segments = image->nr_segments;
--
2.47.3
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 2/3] riscv: kexec: Initialize kexec_buf struct
2025-08-27 10:42 [PATCH 0/3] kexec: Fix invalid field access Breno Leitao
2025-08-27 10:42 ` [PATCH 1/3] arm64: kexec: Initialize kexec_buf struct in load_other_segments() Breno Leitao
@ 2025-08-27 10:42 ` Breno Leitao
2025-08-27 10:42 ` [PATCH 3/3] s390: " Breno Leitao
` (2 subsequent siblings)
4 siblings, 0 replies; 8+ messages in thread
From: Breno Leitao @ 2025-08-27 10:42 UTC (permalink / raw)
To: Catalin Marinas, Will Deacon, Andrew Morton, Baoquan He, Coiby Xu,
Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle
Cc: linux-arm-kernel, linux-kernel, linux-riscv, linux-s390,
Breno Leitao, kernel-team
The kexec_buf structure was previously declared without initialization.
commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
added a field that is always read but not consistently populated by all
architectures. This un-initialized field will contain garbage.
This is also triggering a UBSAN warning when the uninitialized data was
accessed:
------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'
Zero-initializing kexec_buf at declaration ensures all fields are
cleanly set, preventing future instances of uninitialized memory being
used.
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
Signed-off-by: Breno Leitao <leitao@debian.org>
---
arch/riscv/kernel/kexec_elf.c | 4 ++--
arch/riscv/kernel/kexec_image.c | 2 +-
arch/riscv/kernel/machine_kexec_file.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/kernel/kexec_elf.c b/arch/riscv/kernel/kexec_elf.c
index 56444c7bd34eb..531d348db84d7 100644
--- a/arch/riscv/kernel/kexec_elf.c
+++ b/arch/riscv/kernel/kexec_elf.c
@@ -28,7 +28,7 @@ static int riscv_kexec_elf_load(struct kimage *image, struct elfhdr *ehdr,
int i;
int ret = 0;
size_t size;
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
const struct elf_phdr *phdr;
kbuf.image = image;
@@ -66,7 +66,7 @@ static int elf_find_pbase(struct kimage *image, unsigned long kernel_len,
{
int i;
int ret;
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
const struct elf_phdr *phdr;
unsigned long lowest_paddr = ULONG_MAX;
unsigned long lowest_vaddr = ULONG_MAX;
diff --git a/arch/riscv/kernel/kexec_image.c b/arch/riscv/kernel/kexec_image.c
index 26a81774a78a3..8f2eb900910b1 100644
--- a/arch/riscv/kernel/kexec_image.c
+++ b/arch/riscv/kernel/kexec_image.c
@@ -41,7 +41,7 @@ static void *image_load(struct kimage *image,
struct riscv_image_header *h;
u64 flags;
bool be_image, be_kernel;
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
int ret;
/* Check Image header */
diff --git a/arch/riscv/kernel/machine_kexec_file.c b/arch/riscv/kernel/machine_kexec_file.c
index e36104af2e247..b9eb41b0a9751 100644
--- a/arch/riscv/kernel/machine_kexec_file.c
+++ b/arch/riscv/kernel/machine_kexec_file.c
@@ -261,7 +261,7 @@ int load_extra_segments(struct kimage *image, unsigned long kernel_start,
int ret;
void *fdt;
unsigned long initrd_pbase = 0UL;
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
char *modified_cmdline = NULL;
kbuf.image = image;
--
2.47.3
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 3/3] s390: kexec: Initialize kexec_buf struct
2025-08-27 10:42 [PATCH 0/3] kexec: Fix invalid field access Breno Leitao
2025-08-27 10:42 ` [PATCH 1/3] arm64: kexec: Initialize kexec_buf struct in load_other_segments() Breno Leitao
2025-08-27 10:42 ` [PATCH 2/3] riscv: kexec: Initialize kexec_buf struct Breno Leitao
@ 2025-08-27 10:42 ` Breno Leitao
2025-08-28 3:49 ` [PATCH 0/3] kexec: Fix invalid field access Baoquan He
2025-09-01 6:42 ` Alexandre Ghiti
4 siblings, 0 replies; 8+ messages in thread
From: Breno Leitao @ 2025-08-27 10:42 UTC (permalink / raw)
To: Catalin Marinas, Will Deacon, Andrew Morton, Baoquan He, Coiby Xu,
Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle
Cc: linux-arm-kernel, linux-kernel, linux-riscv, linux-s390,
Breno Leitao, kernel-team
The kexec_buf structure was previously declared without initialization.
commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
added a field that is always read but not consistently populated by all
architectures. This un-initialized field will contain garbage.
This is also triggering a UBSAN warning when the uninitialized data was
accessed:
------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'
Zero-initializing kexec_buf at declaration ensures all fields are
cleanly set, preventing future instances of uninitialized memory being
used.
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
Signed-off-by: Breno Leitao <leitao@debian.org>
---
arch/s390/kernel/kexec_elf.c | 2 +-
arch/s390/kernel/kexec_image.c | 2 +-
arch/s390/kernel/machine_kexec_file.c | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/kexec_elf.c b/arch/s390/kernel/kexec_elf.c
index 4d364de437992..143e34a4eca57 100644
--- a/arch/s390/kernel/kexec_elf.c
+++ b/arch/s390/kernel/kexec_elf.c
@@ -16,7 +16,7 @@
static int kexec_file_add_kernel_elf(struct kimage *image,
struct s390_load_data *data)
{
- struct kexec_buf buf;
+ struct kexec_buf buf = {};
const Elf_Ehdr *ehdr;
const Elf_Phdr *phdr;
Elf_Addr entry;
diff --git a/arch/s390/kernel/kexec_image.c b/arch/s390/kernel/kexec_image.c
index a32ce8bea745c..9a439175723ca 100644
--- a/arch/s390/kernel/kexec_image.c
+++ b/arch/s390/kernel/kexec_image.c
@@ -16,7 +16,7 @@
static int kexec_file_add_kernel_image(struct kimage *image,
struct s390_load_data *data)
{
- struct kexec_buf buf;
+ struct kexec_buf buf = {};
buf.image = image;
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index c2bac14dd668a..a36d7311c6683 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -129,7 +129,7 @@ static int kexec_file_update_purgatory(struct kimage *image,
static int kexec_file_add_purgatory(struct kimage *image,
struct s390_load_data *data)
{
- struct kexec_buf buf;
+ struct kexec_buf buf = {};
int ret;
buf.image = image;
@@ -152,7 +152,7 @@ static int kexec_file_add_purgatory(struct kimage *image,
static int kexec_file_add_initrd(struct kimage *image,
struct s390_load_data *data)
{
- struct kexec_buf buf;
+ struct kexec_buf buf = {};
int ret;
buf.image = image;
@@ -184,7 +184,7 @@ static int kexec_file_add_ipl_report(struct kimage *image,
{
__u32 *lc_ipl_parmblock_ptr;
unsigned int len, ncerts;
- struct kexec_buf buf;
+ struct kexec_buf buf = {};
unsigned long addr;
void *ptr, *end;
int ret;
--
2.47.3
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] kexec: Fix invalid field access
2025-08-27 10:42 [PATCH 0/3] kexec: Fix invalid field access Breno Leitao
` (2 preceding siblings ...)
2025-08-27 10:42 ` [PATCH 3/3] s390: " Breno Leitao
@ 2025-08-28 3:49 ` Baoquan He
2025-09-01 6:42 ` Alexandre Ghiti
4 siblings, 0 replies; 8+ messages in thread
From: Baoquan He @ 2025-08-28 3:49 UTC (permalink / raw)
To: Breno Leitao
Cc: Catalin Marinas, Will Deacon, Andrew Morton, Coiby Xu,
Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle, linux-arm-kernel,
linux-kernel, linux-riscv, linux-s390, kernel-team
On 08/27/25 at 03:42am, Breno Leitao wrote:
> The kexec_buf structure was previously declared without initialization.
> commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> added a field that is always read but not consistently populated by all
> architectures. This un-initialized field will contain garbage.
>
> This is also triggering a UBSAN warning when the uninitialized data was
> accessed:
>
> ------------[ cut here ]------------
> UBSAN: invalid-load in ./include/linux/kexec.h:210:10
> load of value 252 is not a valid value for type '_Bool'
>
> Zero-initializing kexec_buf at declaration ensures all fields are
> cleanly set, preventing future instances of uninitialized memory being
> used.
>
> An initial fix was already landed for arm64[0], and this patchset fixes
> the problem on the remaining arm64 code and on riscv, as raised by Mark.
>
> Discussions about this problem could be found at[1][2].
>
> Link: https://lore.kernel.org/all/20250826180742.f2471131255ec1c43683ea07@linux-foundation.org/ [0]
> Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzadw@c67o7njgdgm3/ [1]
> Link: https://lore.kernel.org/all/20250826-akpm-v1-1-3c831f0e3799@debian.org/ [2]
>
> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
> Breno Leitao (3):
> arm64: kexec: Initialize kexec_buf struct in load_other_segments()
> riscv: kexec: Initialize kexec_buf struct
> s390: kexec: Initialize kexec_buf struct
Thanks for the fix, all looks good to me.
Acked-by: Baoquan He <bhe@redhat.com>
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] kexec: Fix invalid field access
2025-08-27 10:42 [PATCH 0/3] kexec: Fix invalid field access Breno Leitao
` (3 preceding siblings ...)
2025-08-28 3:49 ` [PATCH 0/3] kexec: Fix invalid field access Baoquan He
@ 2025-09-01 6:42 ` Alexandre Ghiti
2025-09-01 9:02 ` Baoquan He
4 siblings, 1 reply; 8+ messages in thread
From: Alexandre Ghiti @ 2025-09-01 6:42 UTC (permalink / raw)
To: Breno Leitao, Catalin Marinas, Will Deacon, Andrew Morton,
Baoquan He, Coiby Xu, Paul Walmsley, Palmer Dabbelt, Albert Ou,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle
Cc: linux-arm-kernel, linux-kernel, linux-riscv, linux-s390,
kernel-team
Hi Breno,
On 8/27/25 12:42, Breno Leitao wrote:
> The kexec_buf structure was previously declared without initialization.
> commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> added a field that is always read but not consistently populated by all
> architectures. This un-initialized field will contain garbage.
>
> This is also triggering a UBSAN warning when the uninitialized data was
> accessed:
>
> ------------[ cut here ]------------
> UBSAN: invalid-load in ./include/linux/kexec.h:210:10
> load of value 252 is not a valid value for type '_Bool'
>
> Zero-initializing kexec_buf at declaration ensures all fields are
> cleanly set, preventing future instances of uninitialized memory being
> used.
>
> An initial fix was already landed for arm64[0], and this patchset fixes
> the problem on the remaining arm64 code and on riscv, as raised by Mark.
>
> Discussions about this problem could be found at[1][2].
>
> Link: https://lore.kernel.org/all/20250826180742.f2471131255ec1c43683ea07@linux-foundation.org/ [0]
> Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzadw@c67o7njgdgm3/ [1]
> Link: https://lore.kernel.org/all/20250826-akpm-v1-1-3c831f0e3799@debian.org/ [2]
>
> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
> Breno Leitao (3):
> arm64: kexec: Initialize kexec_buf struct in load_other_segments()
> riscv: kexec: Initialize kexec_buf struct
> s390: kexec: Initialize kexec_buf struct
>
> arch/arm64/kernel/machine_kexec_file.c | 2 +-
> arch/riscv/kernel/kexec_elf.c | 4 ++--
> arch/riscv/kernel/kexec_image.c | 2 +-
> arch/riscv/kernel/machine_kexec_file.c | 2 +-
> arch/s390/kernel/kexec_elf.c | 2 +-
> arch/s390/kernel/kexec_image.c | 2 +-
> arch/s390/kernel/machine_kexec_file.c | 6 +++---
> 7 files changed, 10 insertions(+), 10 deletions(-)
> ---
> base-commit: 3c642997252eef4449cb6b6e02af3dc22515d817
> change-id: 20250827-kbuf_all-b9d55c9291eb
>
> Best regards,
> --
> Breno Leitao <leitao@debian.org>
I see that the commit those patches fix is in 6.16 so we should add cc:
stable.
And who should merge those patches? Should we do it on a per-arch basis?
Thanks,
Alex
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] kexec: Fix invalid field access
2025-09-01 6:42 ` Alexandre Ghiti
@ 2025-09-01 9:02 ` Baoquan He
2025-09-01 9:40 ` Alexandre Ghiti
0 siblings, 1 reply; 8+ messages in thread
From: Baoquan He @ 2025-09-01 9:02 UTC (permalink / raw)
To: Alexandre Ghiti
Cc: Breno Leitao, Catalin Marinas, Will Deacon, Andrew Morton,
Coiby Xu, Paul Walmsley, Palmer Dabbelt, Albert Ou,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle, linux-arm-kernel,
linux-kernel, linux-riscv, linux-s390, kernel-team
On 09/01/25 at 08:42am, Alexandre Ghiti wrote:
> Hi Breno,
>
> On 8/27/25 12:42, Breno Leitao wrote:
.....snip...
>
> I see that the commit those patches fix is in 6.16 so we should add cc:
> stable.
>
> And who should merge those patches? Should we do it on a per-arch basis?
It's been in Andrew's akpm-mm/mm-hotfixes-unstable.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/3] kexec: Fix invalid field access
2025-09-01 9:02 ` Baoquan He
@ 2025-09-01 9:40 ` Alexandre Ghiti
0 siblings, 0 replies; 8+ messages in thread
From: Alexandre Ghiti @ 2025-09-01 9:40 UTC (permalink / raw)
To: Baoquan He
Cc: Breno Leitao, Catalin Marinas, Will Deacon, Andrew Morton,
Coiby Xu, Paul Walmsley, Palmer Dabbelt, Albert Ou,
Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
Christian Borntraeger, Sven Schnelle, linux-arm-kernel,
linux-kernel, linux-riscv, linux-s390, kernel-team
Hi Baoquan,
On 9/1/25 11:02, Baoquan He wrote:
> On 09/01/25 at 08:42am, Alexandre Ghiti wrote:
>> Hi Breno,
>>
>> On 8/27/25 12:42, Breno Leitao wrote:
> .....snip...
>> I see that the commit those patches fix is in 6.16 so we should add cc:
>> stable.
>>
>> And who should merge those patches? Should we do it on a per-arch basis?
> It's been in Andrew's akpm-mm/mm-hotfixes-unstable.
Great, thanks for letting me know.
Alex
>
^ permalink raw reply [flat|nested] 8+ messages in thread