| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANpmjNMmw366KEUnu_OQKDKvZJQErj2mXe7TxyQHObvpHjt5hA@mail.gmail.com>
Date: Wed, 26 Nov 2025 18:49:47 +0100
From: Marco Elver <elver@...gle.com>
To: Breno Leitao <leitao@...ian.org>
Cc: Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>, kasan-dev@...glegroups.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, kernel-team@...a.com
Subject: Re: [PATCH] mm/kfence: add reboot notifier to disable KFENCE on shutdown
On Wed, 26 Nov 2025 at 18:46, Breno Leitao <leitao@...ian.org> wrote:
>
> During system shutdown, KFENCE can cause IPI synchronization issues if
> it remains active through the reboot process. To prevent this, register
> a reboot notifier that disables KFENCE and cancels any pending timer
> work early in the shutdown sequence.
>
> This is only necessary when CONFIG_KFENCE_STATIC_KEYS is enabled, as
> this configuration sends IPIs that can interfere with shutdown. Without
> static keys, no IPIs are generated and KFENCE can safely remain active.
>
> The notifier uses maximum priority (INT_MAX) to ensure KFENCE shuts
> down before other subsystems that might still depend on stable memory
> allocation behavior.
>
> This fixes a late kexec CSD lockup[1] when kfence is trying to IPI a CPU
> that is busy in a IRQ-disabled context printing characters to the
> console.
>
> Link: https://lore.kernel.org/all/sqwajvt7utnt463tzxgwu2yctyn5m6bjwrslsnupfexeml6hkd@v6sqmpbu3vvu/ [1]
>
> Signed-off-by: Breno Leitao <leitao@...ian.org>
Looks good as discussed in [1]:
Reviewed-by: Marco Elver <elver@...gle.com>
> ---
> mm/kfence/core.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
> index 727c20c94ac5..162a026871ab 100644
> --- a/mm/kfence/core.c
> +++ b/mm/kfence/core.c
> @@ -26,6 +26,7 @@
> #include <linux/panic_notifier.h>
> #include <linux/random.h>
> #include <linux/rcupdate.h>
> +#include <linux/reboot.h>
> #include <linux/sched/clock.h>
> #include <linux/seq_file.h>
> #include <linux/slab.h>
> @@ -820,6 +821,25 @@ static struct notifier_block kfence_check_canary_notifier = {
> static struct delayed_work kfence_timer;
>
> #ifdef CONFIG_KFENCE_STATIC_KEYS
> +static int kfence_reboot_callback(struct notifier_block *nb,
> + unsigned long action, void *data)
> +{
> + /*
> + * Disable kfence to avoid static keys IPI synchronization during
> + * late shutdown/kexec
> + */
> + WRITE_ONCE(kfence_enabled, false);
> + /* Cancel any pending timer work */
> + cancel_delayed_work_sync(&kfence_timer);
> +
> + return NOTIFY_OK;
> +}
> +
> +static struct notifier_block kfence_reboot_notifier = {
> + .notifier_call = kfence_reboot_callback,
> + .priority = INT_MAX, /* Run early to stop timers ASAP */
> +};
> +
> /* Wait queue to wake up allocation-gate timer task. */
> static DECLARE_WAIT_QUEUE_HEAD(allocation_wait);
>
> @@ -901,6 +921,10 @@ static void kfence_init_enable(void)
> if (kfence_check_on_panic)
> atomic_notifier_chain_register(&panic_notifier_list, &kfence_check_canary_notifier);
>
> +#ifdef CONFIG_KFENCE_STATIC_KEYS
> + register_reboot_notifier(&kfence_reboot_notifier);
> +#endif
> +
> WRITE_ONCE(kfence_enabled, true);
> queue_delayed_work(system_unbound_wq, &kfence_timer, 0);
>
>
> ---
> base-commit: ab084f0b8d6d2ee4b1c6a28f39a2a7430bdfa7f0
> change-id: 20251126-kfence-42c93f9b3979
>
> Best regards,
> --
> Breno Leitao <leitao@...ian.org>
>
Powered by blists - more mailing lists