From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pdx-out-003.esa.us-west-2.outbound.mail-perimeter.amazon.com (pdx-out-003.esa.us-west-2.outbound.mail-perimeter.amazon.com [44.246.68.102])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 310103242AB
	for <linux-kernel@vger.kernel.org>; Fri, 10 Apr 2026 01:16:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=44.246.68.102
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1775783787; cv=none; b=jU6nkp1s1SrdvoVgozPmjOADxqSl4F7xvJG0JAPjhmJ9HeXthNBfUnUhCVu7qlLCbBT39jlFWmnLNJbAJSi9SxMsrUb+CxcBpH489zNuZztIwenz+EtorWFG+hFsd/IZ8hqDf4tiZVT2ZEVSFy9Dn2piFmNW4t9mdSP3sOh6Lqs=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1775783787; c=relaxed/simple;
	bh=8vsG2dQyU2S4u1cdR9mbEQKdSPq/SMHOFDyMhTFQjWU=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=bJ6hOV5VVnyp1rEef/6S1AiBVs5exr99gBZ9myAddMIlpuFjqZqbd7JexDAU5iwgRi5MCXSxqH88AbcisT0W81wcCp7kwagg22sLHO+x5graeghER4LV6b+Px443QRaDUBilwOc4LFtw3alYrGj8/EuYtrx5awzPnkggHB7pe9U=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.de; spf=pass smtp.mailfrom=amazon.de; dkim=pass (2048-bit key) header.d=amazon.de header.i=@amazon.de header.b=bgTyExWE; arc=none smtp.client-ip=44.246.68.102
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.de
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=amazon.de header.i=@amazon.de header.b="bgTyExWE"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.de; i=@amazon.de; q=dns/txt; s=amazoncorp2;
  t=1775783786; x=1807319786;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=y+ewA8RjY6nMAFwnoN35zZbuD8YUej+hPFsz1UPCe10=;
  b=bgTyExWEoWIQ77MgORzQgVFJte6lLW7P4Snnj7W6IUPbtCTBUBunUzJC
   w5nSUxiaevESGPGKDLJyMuPwKuQvHdx57r/p6cFKHQVRmiaHasGg25Zfs
   N55+j/fyK9yCx4cMolzMfPbEEp3XZ8ig+u+oFeInNUvX+NHny8Vqj/4gj
   zwqwrUSz5/T02EExoW+N8t2R/YSiNVhWQK3Ug7ZsBnjP4Jk64ppCcfd0k
   6sv7v9MBBrxffb3YPwrOXo+fnjTSjIPQqCdykWXUq3Zsvy8nuBrMSgl8h
   uuBaMC2JLXlKRoLjdHUkRBod5VEJqOMQSDl57lBmMOKk0U7QJQbqdSOhe
   w==;
X-CSE-ConnectionGUID: DHa5mPRbRGqTlrLccv9+iA==
X-CSE-MsgGUID: Y8/JvhHsQZG4LF/ImZPAFg==
X-IronPort-AV: E=Sophos;i="6.23,170,1770595200"; 
   d="scan'208";a="16989540"
Received: from ip-10-5-0-115.us-west-2.compute.internal (HELO smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.0.115])
  by internal-pdx-out-003.esa.us-west-2.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2026 01:16:23 +0000
Received: from EX19MTAUWC001.ant.amazon.com [205.251.233.105:31699]
 by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.3.82:2525] with esmtp (Farcaster)
 id 0218addb-e3f2-4ce7-89d0-f199987a9e46; Fri, 10 Apr 2026 01:16:23 +0000 (UTC)
X-Farcaster-Flow-ID: 0218addb-e3f2-4ce7-89d0-f199987a9e46
Received: from EX19D001UWA001.ant.amazon.com (10.13.138.214) by
 EX19MTAUWC001.ant.amazon.com (10.250.64.174) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37;
 Fri, 10 Apr 2026 01:16:22 +0000
Received: from dev-dsk-epetron-1c-1d4d9719.eu-west-1.amazon.com
 (10.253.109.105) by EX19D001UWA001.ant.amazon.com (10.13.138.214) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37; Fri, 10 Apr 2026
 01:16:20 +0000
From: Evangelos Petrongonas <epetron@amazon.de>
To: "Mike Rapoport (Microsoft)" <rppt@kernel.org>, Alexander Graf
	<graf@amazon.com>
CC: Evangelos Petrongonas <epetron@amazon.de>, Pasha Tatashin
	<pasha.tatashin@soleen.com>, Pratyush Yadav <pratyush@kernel.org>, "Rob
 Herring" <robh@kernel.org>, Saravana Kannan <saravanak@google.com>, Changyuan
 Lyu <changyuanl@google.com>, Andrew Morton <akpm@linux-foundation.org>,
	<kexec@lists.infradead.org>, <linux-mm@kvack.org>,
	<linux-kernel@vger.kernel.org>, <nh-open-source@amazon.com>
Subject: [PATCH v2] kho: skip KHO for crash kernel
Date: Fri, 10 Apr 2026 01:16:05 +0000
Message-ID: <20260410011609.1103-1-epetron@amazon.de>
X-Mailer: git-send-email 2.47.3
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-ClientProxiedBy: EX19D043UWC001.ant.amazon.com (10.13.139.202) To
 EX19D001UWA001.ant.amazon.com (10.13.138.214)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

kho_fill_kimage() unconditionally populates the kimage with KHO
metadata for every kexec image type. When the image is a crash kernel,
this can be problematic as the crash kernel can run in a small reserved
region and the KHO scratch areas can sit outside it.
The crash kernel then faults during kho_memory_init() when it
tries phys_to_virt() on the KHO FDT address:

  Unable to handle kernel paging request at virtual address xxxxxxxx
  ...
    fdt_offset_ptr+...
    fdt_check_node_offset_+...
    fdt_first_property_offset+...
    fdt_get_property_namelen_+...
    fdt_getprop+...
    kho_memory_init+...
    mm_core_init+...
    start_kernel+...

kho_locate_mem_hole() already skips KHO logic for KEXEC_TYPE_CRASH
images, but kho_fill_kimage() was missing the same guard. As
kho_fill_kimage() is the single point that populates image->kho.fdt
and image->kho.scratch, fixing it here is sufficient for both arm64
and x86 as the FDT and boot_params path are bailing out when these
fields are unset.

Fixes: d7255959b69a ("kho: allow kexec load before KHO finalization")
Signed-off-by: Evangelos Petrongonas <epetron@amazon.de>
---

v2: Per Mike's review [1], move the guard into kho_fill_kimage() instead
    of patching the arch-level producers and consumers. This fixes
    both arm64 and x86 in one place and avoids redundant checks. Tested again.

Note regarding backporting
The offending commit was deployed with 6.19. The only other supported
kernel version with 6.18, unless I miss someting uses
```
if (!kho_out.finalized)
```
which in the case of crash kernel it shouldn't be finalised.


[1] https://lore.kernel.org/all/ade2ExpM8ROXV-vy@kernel.org/

 kernel/liveupdate/kexec_handover.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
index cc68a3692905..1029fe8778f2 100644
--- a/kernel/liveupdate/kexec_handover.c
+++ b/kernel/liveupdate/kexec_handover.c
@@ -1551,7 +1551,7 @@ int kho_fill_kimage(struct kimage *image)
 	int err = 0;
 	struct kexec_buf scratch;
 
-	if (!kho_enable)
+	if (!kho_enable || image->type == KEXEC_TYPE_CRASH)
 		return 0;
 
 	image->kho.fdt = virt_to_phys(kho_out.fdt);
-- 
2.47.3




Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597