From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Dan Carpenter, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH RFC 0/5] liveupdate: validate restored LUO metadata
Date: Fri, 1 May 2026 17:46:32 +0800
Message-ID: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

LUO restores metadata from KHO/FDT during liveupdate. The restored
metadata contains physical addresses and count fields used to access
and walk preserved session, file-set, and FLB arrays.

This series adds a non-consuming KHO preserved-range check and uses it
before phys_to_virt() on restored metadata addresses. It also rejects
restored counts above LUO_SESSION_MAX, LUO_FILE_MAX, and LUO_FLB_MAX
before traversal.

As far as I can tell, this is root/admin-only; I do not have evidence
that a normal unprivileged user can trigger it directly.

I have not reproduced this in a VM yet, so I may be missing a KHO
invariant or a preferred restore helper pattern. Feedback on the helper
semantics is welcome.
Cris Jacob Maamor (5):
  kexec: handover: add helper to check preserved page ranges
  liveupdate: validate restored LUO FDT before use
  liveupdate: validate restored LUO session metadata
  liveupdate: validate restored LUO file-set metadata
  liveupdate: validate restored LUO FLB metadata

 include/linux/kexec_handover.h     |  6 +++++
 kernel/liveupdate/kexec_handover.c | 35 ++++++++++++++++++++++++++++++
 kernel/liveupdate/luo_core.c       | 10 ++++++++-
 kernel/liveupdate/luo_file.c       | 14 ++++++++++--
 kernel/liveupdate/luo_flb.c        | 23 +++++++++++++++++++-
 kernel/liveupdate/luo_session.c    | 22 +++++++++++++++++--
 6 files changed, 104 insertions(+), 6 deletions(-)

-- 
2.53.0
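
The two checks the cover letter describes (bound the restored count, then confirm the restored address range is preserved memory before it would be mapped and walked), modelled in user space as an added example; this is not code from the series or from the kernel. All ex_* names, EX_ENTRY_MAX, the entry layout and the sample ranges are assumptions made up for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; none of these names are kernel APIs. */
#define EX_ENTRY_MAX 4u	/* constructed stand-in for a LUO_*_MAX limit */

struct ex_range { uint64_t start, size; };		/* one preserved range */
struct ex_entry { uint64_t id, data_pa; };		/* constructed entry layout */
struct ex_header { uint64_t entries_pa, count; };	/* restored, untrusted */

/* Constructed sample: ranges the previous kernel recorded as preserved. */
static const struct ex_range ex_preserved[] = {
	{ 0x100000, 0x2000 },
	{ 0x800000, 0x1000 },
};

/* Non-consuming check: true only if [pa, pa + len) lies inside one range. */
static bool ex_range_preserved(uint64_t pa, uint64_t len)
{
	for (size_t i = 0; i < sizeof(ex_preserved) / sizeof(ex_preserved[0]); i++) {
		const struct ex_range *r = &ex_preserved[i];
		/* Subtract instead of adding so that pa + len cannot wrap. */
		if (pa >= r->start && pa - r->start <= r->size &&
		    len <= r->size - (pa - r->start))
			return true;
	}
	return false;
}

/* Validate a restored header before its array would be mapped and walked. */
static int ex_validate_header(const struct ex_header *h)
{
	if (h->count == 0)
		return 0;	/* nothing to walk */
	if (h->count > EX_ENTRY_MAX)
		return -1;	/* bound first, so the multiply below cannot overflow */
	if (!ex_range_preserved(h->entries_pa, h->count * sizeof(struct ex_entry)))
		return -2;	/* span is not memory the old kernel preserved */
	return 0;
}

int main(void)
{
	struct ex_header good = { 0x100000, 4 };
	return ex_validate_header(&good);
}
```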