lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aSLTd7pAWgalkT7X@kernel.org>
Date: Sun, 23 Nov 2025 11:27:19 +0200
From: Mike Rapoport <rppt@...nel.org>
To: ranxiaokai627@....com
Cc: akpm@...ux-foundation.org, catalin.marinas@....com,
	changyuanl@...gle.com, graf@...zon.com, pasha.tatashin@...een.com,
	pratyush@...nel.org, kexec@...ts.infradead.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	ran.xiaokai@....com.cn
Subject: Re: [PATCH v2] KHO: Fix boot failure due to kmemleak access to
 non-PRESENT pages

Hi,

On Sat, Nov 22, 2025 at 06:29:29PM +0000, ranxiaokai627@....com wrote:
> From: Ran Xiaokai <ran.xiaokai@....com.cn>
> 
> When booting with debug_pagealloc=on while having:
> CONFIG_KEXEC_HANDOVER_ENABLE_DEFAULT=y
> CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=n
> the system fails to boot due to page faults during kmemleak scanning.
> 
> This occurs because:
> With debug_pagealloc is enabled, __free_pages() invokes
> debug_pagealloc_unmap_pages(), clearing the _PAGE_PRESENT bit for
> freed pages in the kernel page table.
> Commit 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
> triggers this when releases the KHO scratch region calling
> init_cma_reserved_pageblock(). Subsequent kmemleak scanning accesses
> these non-PRESENT pages, leading to fatal page faults.

I believe this is more clear:

With debug_pagealloc is enabled, __free_pages() invokes
debug_pagealloc_unmap_pages(), clearing the _PAGE_PRESENT bit for
freed pages in the kernel page table.
KHO scratch areas are allocated from memblock and noted by kmemleak. But
these areas don't remain reserved but released later to the page allocator
using init_cma_reserved_pageblock(). This causes subsequent kmemleak scans
access non-PRESENT pages, leading to fatal page faults.
 
> Call kmemleak_ignore_phys() from kho_init() to exclude
> the reserved region from kmemleak scanning before
> it is released to the buddy allocator to fix this.

I'd suggest

Mark scratch areas with kmemleak_ignore_phys() after they are allocated
from memblock to exclude them from kmemleak scanning before they are
released to buddy allocator to fix this.

> 

Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")

> Signed-off-by: Ran Xiaokai <ran.xiaokai@....com.cn>

With the changes above

Reviewed-by: Mike Rapoport (Microsoft) <rppt@...nel.org>

> ---
>  kernel/liveupdate/kexec_handover.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
> index 224bdf5becb6..c729d455ee7b 100644
> --- a/kernel/liveupdate/kexec_handover.c
> +++ b/kernel/liveupdate/kexec_handover.c
> @@ -11,6 +11,7 @@
>  
>  #include <linux/cleanup.h>
>  #include <linux/cma.h>
> +#include <linux/kmemleak.h>
>  #include <linux/count_zeros.h>
>  #include <linux/kexec.h>
>  #include <linux/kexec_handover.h>
> @@ -1369,6 +1370,7 @@ static __init int kho_init(void)
>  		unsigned long count = kho_scratch[i].size >> PAGE_SHIFT;
>  		unsigned long pfn;
>  
> +		kmemleak_ignore_phys(kho_scratch[i].addr);
>  		for (pfn = base_pfn; pfn < base_pfn + count;
>  		     pfn += pageblock_nr_pages)
>  			init_cma_reserved_pageblock(pfn_to_page(pfn));
> -- 
> 2.25.1
> 
> 

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ