| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aSmSmH5-8iXOErKw@willie-the-truck>
Date: Fri, 28 Nov 2025 12:16:24 +0000
From: Will Deacon <will@...nel.org>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: catalin.marinas@....com, akpm@...ux-foundation.org, bhe@...hat.com,
leitao@...ian.org, coxu@...hat.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64: kernel: initialize missing kexec_buf->random field
On Thu, Nov 27, 2025 at 06:26:44PM +0000, Yeoreum Yun wrote:
> Commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> introduced the kexec_buf->random field to enable random placement of
> kexec_buf.
>
> However, this field was never properly initialized for kexec images
> that do not need to be placed randomly, leading to the following UBSAN
> warning:
>
> [ +0.364528] ------------[ cut here ]------------
> [ +0.000019] UBSAN: invalid-load in ./include/linux/kexec.h:210:12
> [ +0.000131] load of value 2 is not a valid value for type 'bool' (aka '_Bool')
> [ +0.000003] CPU: 4 UID: 0 PID: 927 Comm: kexec Not tainted 6.18.0-rc7+ #3 PREEMPT(full)
> [ +0.000002] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
> [ +0.000000] Call trace:
> [ +0.000001] show_stack+0x24/0x40 (C)
> [ +0.000006] __dump_stack+0x28/0x48
> [ +0.000002] dump_stack_lvl+0x7c/0xb0
> [ +0.000002] dump_stack+0x18/0x34
> [ +0.000001] ubsan_epilogue+0x10/0x50
> [ +0.000002] __ubsan_handle_load_invalid_value+0xc8/0xd0
> [ +0.000003] locate_mem_hole_callback+0x28c/0x2a0
> [ +0.000003] kexec_locate_mem_hole+0xf4/0x2f0
> [ +0.000001] kexec_add_buffer+0xa8/0x178
> [ +0.000002] image_load+0xf0/0x258
> [ +0.000001] __arm64_sys_kexec_file_load+0x510/0x718
> [ +0.000002] invoke_syscall+0x68/0xe8
> [ +0.000001] el0_svc_common+0xb0/0xf8
> [ +0.000002] do_el0_svc+0x28/0x48
> [ +0.000001] el0_svc+0x40/0xe8
> [ +0.000002] el0t_64_sync_handler+0x84/0x140
> [ +0.000002] el0t_64_sync+0x1bc/0x1c0
>
> To address this, initialise kexec_buf->random field properly.
>
> Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> Signed-off-by: Yeoreum Yun <yeoreum.yun@....com>
> ---
> arch/arm64/kernel/kexec_image.c | 3 +++
> arch/arm64/kernel/machine_kexec_file.c | 6 +++++-
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c
> index 532d72ea42ee..db6fb8c599a1 100644
> --- a/arch/arm64/kernel/kexec_image.c
> +++ b/arch/arm64/kernel/kexec_image.c
> @@ -76,6 +76,9 @@ static void *image_load(struct kimage *image,
> kbuf.buf_min = 0;
> kbuf.buf_max = ULONG_MAX;
> kbuf.top_down = false;
> +#ifdef CONFIG_CRASH_DUMP
> + kbuf.random = false;
> +#endif
>
> kbuf.buffer = kernel;
> kbuf.bufsz = kernel_len;
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 410060ebd86d..06f38866424a 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -94,7 +94,11 @@ int load_other_segments(struct kimage *image,
> char *initrd, unsigned long initrd_len,
> char *cmdline)
> {
> - struct kexec_buf kbuf = {};
> + struct kexec_buf kbuf = {
> +#ifdef CONFIG_CRASH_DUMP
> + .random = false,
> +#endif
> + };
This hunk is pointless.
Will
Powered by blists - more mailing lists