Message-ID: <20251205015934.700016-1-jianpeng.chang.cn@windriver.com>
Date: Fri, 5 Dec 2025 09:59:34 +0800
From: Jianpeng Chang <jianpeng.chang.cn@...driver.com>
To: <robh@...nel.org>, <saravanak@...gle.com>, <quic_obabatun@...cinc.com>
CC: <devicetree@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        "Jianpeng Chang" <jianpeng.chang.cn@...driver.com>
Subject: [PATCH] arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder

Commit 8a6e02d0c00e ("of: reserved_mem: Restructure how the reserved
memory regions are processed") changed the processing order of reserved
memory regions, causing elfcorehdr to overlap with dynamically allocated
reserved memory regions during kdump kernel boot.

The issue occurs because:
1. kexec-tools allocates elfcorehdr in the last crashkernel reserved
   memory region and passes it to the second kernel
2. The problematic commit moved dynamic reserved memory allocation
   (like bman-fbpr) to occur during fdt_scan_reserved_mem(), before
   elfcorehdr reservation in fdt_reserve_elfcorehdr()
3. bman-fbpr with 16MB alignment requirement can get allocated at
   addresses that overlap with the elfcorehdr location
4. When fdt_reserve_elfcorehdr() tries to reserve elfcorehdr memory,
   overlap detection identifies the conflict and skips reservation
5. kdump kernel fails with "Unable to handle kernel paging request"
   because elfcorehdr memory is not properly reserved

The boot log:
Before 8a6e02d0c00e:
  OF: fdt: Reserving 1 KiB of memory at 0xf4fff000 for elfcorehdr
  OF: reserved mem: 0xf3000000..0xf3ffffff bman-fbpr

After 8a6e02d0c00e:
  OF: reserved mem: 0xf4000000..0xf4ffffff bman-fbpr
  OF: fdt: elfcorehdr is overlapped

Fix this by ensuring elfcorehdr reservation occurs before dynamic
reserved memory allocation.

Fixes: 8a6e02d0c00e ("of: reserved_mem: Restructure how the reserved memory regions are processed")
Signed-off-by: Jianpeng Chang <jianpeng.chang.cn@...driver.com>
---
This bug manifests on NXP LS1043 platforms. While other
platforms don't trigger this issue, it represents a general problem,
and it's safer to follow the original reservation order.

 drivers/of/fdt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 0edd639898a6..158ae61c7882 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -503,8 +503,8 @@ void __init early_init_fdt_scan_reserved_mem(void)
 	if (!initial_boot_params)
 		return;
 
-	fdt_scan_reserved_mem();
 	fdt_reserve_elfcorehdr();
+	fdt_scan_reserved_mem();
 
 	/* Process header /memreserve/ fields */
 	for (n = 0; ; n++) {
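Review bot: The order of the two calls `fdt_reserve_elfcorehdr();` and `fdt_scan_reserved_mem();` is now load-bearing, but nothing in the code records that. Add a short comment above them stating that elfcorehdr has to be reserved before fdt_scan_reserved_mem() runs, because the scan can dynamically allocate regions that would otherwise land on the elfcorehdr address, so a later restructuring of early_init_fdt_scan_reserved_mem() does not swap them back.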
-- 
2.52.0
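The ordering effect described in the commit message, as an added example (not kernel code and not from the patch author): a simplified top-down allocator places a 16 MiB, 16 MiB-aligned pool with and without elfcorehdr reserved first. The memory bounds `MEM_START`/`MEM_END`, the helper names and the allocator model are assumptions; the elfcorehdr address and size are taken from the boot log above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model for illustration; not kernel code. */
struct range { uint64_t start, end; };   /* half-open: [start, end) */
#define MEM_START 0xf0000000ULL          /* assumed bottom of usable memory */
#define MEM_END   0xf5000000ULL          /* assumed top of usable memory */
#define POOL_SIZE 0x01000000ULL          /* 16 MiB pool, 16 MiB alignment */
/* 1 KiB elfcorehdr at the address shown in the boot log. */
static const struct range elfcorehdr = { 0xf4fff000ULL, 0xf4fff400ULL };

static int overlaps(struct range a, struct range b)
{
    return a.start < b.end && b.start < a.end;
}

/* Highest aligned base whose range avoids every reservation; 0 if none fits. */
static uint64_t alloc_top_down(const struct range *rsv, int n, uint64_t size, uint64_t align)
{
    for (uint64_t base = (MEM_END - size) & ~(align - 1); base >= MEM_START; base -= align) {
        struct range cand = { base, base + size };
        int i, hit = 0;
        for (i = 0; i < n && !hit; i++)
            hit = overlaps(cand, rsv[i]);
        if (!hit)
            return base;
    }
    return 0;
}

/* Base chosen for the pool, with or without elfcorehdr already reserved. */
static uint64_t pool_base(int elfcorehdr_first)
{
    return alloc_top_down(&elfcorehdr, elfcorehdr_first ? 1 : 0, POOL_SIZE, POOL_SIZE);
}

/* Can elfcorehdr still be reserved once the pool has been placed? */
static int elfcorehdr_reservable(int elfcorehdr_first)
{
    uint64_t base = pool_base(elfcorehdr_first);
    struct range pool = { base, base + POOL_SIZE };
    return elfcorehdr_first || !overlaps(pool, elfcorehdr);
}

int main(void)
{
    for (int first = 0; first <= 1; first++)
        printf("elfcorehdr_first=%d pool=0x%llx reservable=%d\n", first,
               (unsigned long long)pool_base(first), elfcorehdr_reservable(first));
    return 0;
}
```

With these assumed bounds the model reproduces both pool addresses from the boot log.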

