arch/powerpc/kexec/crash.c | 8 +- arch/x86/include/asm/idtentry.h | 1 + arch/x86/include/asm/irq_vectors.h | 1 + arch/x86/include/asm/smp.h | 7 + arch/x86/kernel/Makefile | 1 + arch/x86/kernel/crash.c | 4 +- arch/x86/kernel/head64.c | 5 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/setup.c | 3 + arch/x86/kernel/smp.c | 15 ++ arch/x86/kernel/smpboot.c | 161 +++++++++++++ arch/x86/kernel/trampoline_64_bsp.S | 288 ++++++++++++++++++++++ arch/x86/kernel/vmlinux.lds.S | 6 + include/linux/kexec.h | 22 +- include/linux/multikernel.h | 81 +++++++ include/uapi/linux/kexec.h | 1 + include/uapi/linux/reboot.h | 2 +- init/main.c | 2 + kernel/Makefile | 2 +- kernel/kexec.c | 103 +++++++- kernel/kexec_core.c | 359 ++++++++++++++++++++++++++++ kernel/kexec_file.c | 33 ++- kernel/multikernel.c | 314 ++++++++++++++++++++++++ kernel/reboot.c | 10 + 24 files changed, 1411 insertions(+), 19 deletions(-) create mode 100644 arch/x86/kernel/trampoline_64_bsp.S create mode 100644 include/linux/multikernel.h create mode 100644 kernel/multikernel.c
This patch series introduces multikernel architecture support, enabling
multiple independent kernel instances to coexist and communicate on a
single physical machine. Each kernel instance can run on dedicated CPU
cores while sharing the underlying hardware resources.
The multikernel architecture provides several key benefits:
- Improved fault isolation between different workloads
- Enhanced security through kernel-level separation
- Better resource utilization than traditional VM (KVM, Xen etc.)
- Potential zero-down kernel update with KHO (Kernel Hand Over)
Architecture Overview:
The implementation leverages kexec infrastructure to load and manage
multiple kernel images, with each kernel instance assigned to specific
CPU cores. Inter-kernel communication is facilitated through a dedicated
IPI framework that allows kernels to coordinate and share information
when necessary.
Key Components:
1. Enhanced kexec subsystem with dynamic kimage tracking
2. Generic IPI communication framework for inter-kernel messaging
3. Architecture-specific CPU bootstrap mechanisms (only x86 so far)
4. Proc interface for monitoring loaded kernel instances
Patch Summary:
Patch 1/7: Introduces basic multikernel support via kexec, allowing
multiple kernel images to be loaded simultaneously.
Patch 2/7: Adds x86-specific SMP INIT trampoline for bootstrapping
CPUs with different kernel instances.
Patch 3/7: Introduces dedicated MULTIKERNEL_VECTOR for x86 inter-kernel
communication.
Patch 4/7: Implements generic multikernel IPI communication framework
for cross-kernel messaging and coordination.
Patch 5/7: Adds arch_cpu_physical_id() function to obtain physical CPU
identifiers for proper CPU management.
Patch 6/7: Replaces static kimage globals with dynamic linked list
infrastructure to support multiple kernel images.
Patch 7/7: Adds /proc/multikernel interface for monitoring and debugging
loaded kernel instances.
The implementation maintains full backward compatibility with existing
kexec functionality while adding the new multikernel capabilities.
IMPORTANT NOTES:
1) This is a Request for Comments (RFC) submission. While the core
architecture is functional, there are numerous implementation details
that need improvement. The primary goal is to gather feedback on the
high-level design and overall approach rather than focus on specific
coding details at this stage.
2) This patch series represents only the foundational framework for
multikernel support. It establishes the basic infrastructure and
communication mechanisms. We welcome the community to build upon
this foundation and develop their own solutions based on this
framework.
3) Testing has been limited to the author's development machine using
hard-coded boot parameters and specific hardware configurations.
Community testing across different hardware platforms, configurations,
and use cases would be greatly appreciated to identify potential
issues and improve robustness. Obviously, don't use this code beyond
testing.
This work enables new use cases such as running real-time kernels
alongside general-purpose kernels, isolating security-critical
applications, and providing dedicated kernel instances for specific
workloads etc..
Signed-off-by: Cong Wang <cwang@multikernel.io>
---
Cong Wang (7):
kexec: Introduce multikernel support via kexec
x86: Introduce SMP INIT trampoline for multikernel CPU bootstrap
x86: Introduce MULTIKERNEL_VECTOR for inter-kernel communication
kernel: Introduce generic multikernel IPI communication framework
x86: Introduce arch_cpu_physical_id() to obtain physical CPU ID
kexec: Implement dynamic kimage tracking
kexec: Add /proc/multikernel interface for kimage tracking
arch/powerpc/kexec/crash.c | 8 +-
arch/x86/include/asm/idtentry.h | 1 +
arch/x86/include/asm/irq_vectors.h | 1 +
arch/x86/include/asm/smp.h | 7 +
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/crash.c | 4 +-
arch/x86/kernel/head64.c | 5 +
arch/x86/kernel/idt.c | 1 +
arch/x86/kernel/setup.c | 3 +
arch/x86/kernel/smp.c | 15 ++
arch/x86/kernel/smpboot.c | 161 +++++++++++++
arch/x86/kernel/trampoline_64_bsp.S | 288 ++++++++++++++++++++++
arch/x86/kernel/vmlinux.lds.S | 6 +
include/linux/kexec.h | 22 +-
include/linux/multikernel.h | 81 +++++++
include/uapi/linux/kexec.h | 1 +
include/uapi/linux/reboot.h | 2 +-
init/main.c | 2 +
kernel/Makefile | 2 +-
kernel/kexec.c | 103 +++++++-
kernel/kexec_core.c | 359 ++++++++++++++++++++++++++++
kernel/kexec_file.c | 33 ++-
kernel/multikernel.c | 314 ++++++++++++++++++++++++
kernel/reboot.c | 10 +
24 files changed, 1411 insertions(+), 19 deletions(-)
create mode 100644 arch/x86/kernel/trampoline_64_bsp.S
create mode 100644 include/linux/multikernel.h
create mode 100644 kernel/multikernel.c
--
2.34.1
On Thu, Sep 18, 2025 at 03:25:59PM -0700, Cong Wang wrote: > This patch series introduces multikernel architecture support, enabling > multiple independent kernel instances to coexist and communicate on a > single physical machine. Each kernel instance can run on dedicated CPU > cores while sharing the underlying hardware resources. > > The multikernel architecture provides several key benefits: > - Improved fault isolation between different workloads > - Enhanced security through kernel-level separation > - Better resource utilization than traditional VM (KVM, Xen etc.) > - Potential zero-down kernel update with KHO (Kernel Hand Over) This list is like asking AI to list benefits, or like the whole cover letter has that type of feel. I'd probably work on benchmarks and other types of tests that can deliver comparative figures, and show data that addresses workloads with KVM, namespaces/cgroups and this, reflecting these qualities. E.g. consider "Enhanced security through kernel-level separation". It's a pre-existing feature probably since dawn of time. Any new layer makes obviously more complex version "kernel-level separation". You'd had to prove that this even more complex version is more secure than pre-existing science. kexec and its various corner cases and how this patch set addresses them is the part where I'm most lost. If I look at one of multikernel distros (I don't know any other tbh) that I know it's really VT-d and that type of hardware enforcement that make Qubes shine: https://www.qubes-os.org/ That said, I did not look how/if this is using CPU virtualization features as part of the solution, so correct me if I'm wrong. I'm not entirely sure whether this is aimed to be alternative to namespaces/cgroups or vms but more in the direction of Solaris Zones would be imho better alternative at least for containers because it saves the overhead of an extra kernel. There's also a patch set for this: https://lwn.net/Articles/780364/?ref=alian.info VM barrier combined with IOMMU is pretty strong and hardware enforced, and with polished configuration it can be fairly performant (e.g. via page cache bypass and stuff like that) so really the overhead that this is fighting against is context switch overhead. In security I don't believe this has any realistic chances to win over VMs and IOMMU... BR, Jarkko
On Fri, Sep 26, 2025 at 2:01 AM Jarkko Sakkinen <jarkko@kernel.org> wrote: > > On Thu, Sep 18, 2025 at 03:25:59PM -0700, Cong Wang wrote: > > This patch series introduces multikernel architecture support, enabling > > multiple independent kernel instances to coexist and communicate on a > > single physical machine. Each kernel instance can run on dedicated CPU > > cores while sharing the underlying hardware resources. > > > > The multikernel architecture provides several key benefits: > > - Improved fault isolation between different workloads > > - Enhanced security through kernel-level separation > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > This list is like asking AI to list benefits, or like the whole cover > letter has that type of feel. Sorry for giving you that feeling. Please let me know how I can improve it for you. > > I'd probably work on benchmarks and other types of tests that can > deliver comparative figures, and show data that addresses workloads > with KVM, namespaces/cgroups and this, reflecting these qualities. Sure, I think performance comes after usability, not vice versa. > > E.g. consider "Enhanced security through kernel-level separation". > It's a pre-existing feature probably since dawn of time. Any new layer > makes obviously more complex version "kernel-level separation". You'd > had to prove that this even more complex version is more secure than > pre-existing science. Apologize for this. Do you mind explaining why this is more complex than the KVM/Qemu/vhost/virtio/VDPA stack? > > kexec and its various corner cases and how this patch set addresses > them is the part where I'm most lost. Sorry for that. I will post Youtube videos to explain kexec in detail, please follow our Youtube channel if you are interested. (I don't want to post a link here in case people think I am promoting my own interest, please email me privately.) > > If I look at one of multikernel distros (I don't know any other > tbh) that I know it's really VT-d and that type of hardware > enforcement that make Qubes shine: > > https://www.qubes-os.org/ > > That said, I did not look how/if this is using CPU virtualization > features as part of the solution, so correct me if I'm wrong. Qubes OS is based on Xen: https://en.wikipedia.org/wiki/Qubes_OS > > I'm not entirely sure whether this is aimed to be alternative to > namespaces/cgroups or vms but more in the direction of Solaris Zones > would be imho better alternative at least for containers because > it saves the overhead of an extra kernel. There's also a patch set > for this: > > https://lwn.net/Articles/780364/?ref=alian.info Solaris Zones also share a single kernel. Or maybe I guess you meant Kernel Zones? Isn't it a justification for our multikernel approach for Linux? :-) BTW, it is less flexible since it completely isolates kernels without inter-kernel communication. With our design, you can still choose not to use inter-kernel IPI's, which turns dynamic into static. > > VM barrier combined with IOMMU is pretty strong and hardware > enforced, and with polished configuration it can be fairly > performant (e.g. via page cache bypass and stuff like that) > so really the overhead that this is fighting against is > context switch overhead. > > In security I don't believe this has any realistic chances to > win over VMs and IOMMU... I appreciate you sharing your opinions. I hope my information helps. Regards, Cong Wang
On Sat, Sep 27, 2025 at 01:27:04PM -0700, Cong Wang wrote: > On Fri, Sep 26, 2025 at 2:01 AM Jarkko Sakkinen <jarkko@kernel.org> wrote: > > > > On Thu, Sep 18, 2025 at 03:25:59PM -0700, Cong Wang wrote: > > > This patch series introduces multikernel architecture support, enabling > > > multiple independent kernel instances to coexist and communicate on a > > > single physical machine. Each kernel instance can run on dedicated CPU > > > cores while sharing the underlying hardware resources. > > > > > > The multikernel architecture provides several key benefits: > > > - Improved fault isolation between different workloads > > > - Enhanced security through kernel-level separation > > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > > This list is like asking AI to list benefits, or like the whole cover > > letter has that type of feel. > > Sorry for giving you that feeling. Please let me know how I can > improve it for you. There is no evidence of any of these benefits. That's the central issue. You pretty much must give quantatitve proof of any of these claims or the benefit is imaginary. > > > > > I'd probably work on benchmarks and other types of tests that can > > deliver comparative figures, and show data that addresses workloads > > with KVM, namespaces/cgroups and this, reflecting these qualities. > > Sure, I think performance comes after usability, not vice versa. > > > > > > E.g. consider "Enhanced security through kernel-level separation". > > It's a pre-existing feature probably since dawn of time. Any new layer > > makes obviously more complex version "kernel-level separation". You'd > > had to prove that this even more complex version is more secure than > > pre-existing science. > > Apologize for this. Do you mind explaining why this is more complex > than the KVM/Qemu/vhost/virtio/VDPA stack? KVM does not complicate kernel level separation or access control per kernel instance at all. A guest in the end of the day is just a fancy executable. This feature on the other hand intervenes various easily breaking code paths. > > > > > kexec and its various corner cases and how this patch set addresses > > them is the part where I'm most lost. > > Sorry for that. I will post Youtube videos to explain kexec in detail, > please follow our Youtube channel if you are interested. (I don't > want to post a link here in case people think I am promoting my > own interest, please email me privately.) Here I have to say that posting a youtube link to LKML is of your own interest is not unacceptable as far as I'm concerned :-) That said, I don't promise that I will watch any of the Youtube videos posted either here or privately. All the quantitative proof should be embedded to patches. > > > > > If I look at one of multikernel distros (I don't know any other > > tbh) that I know it's really VT-d and that type of hardware > > enforcement that make Qubes shine: > > > > https://www.qubes-os.org/ > > > > That said, I did not look how/if this is using CPU virtualization > > features as part of the solution, so correct me if I'm wrong. > > Qubes OS is based on Xen: > https://en.wikipedia.org/wiki/Qubes_OS Yes, and it works great, and has much stronger security metrics than this could ever reach, and that is quantitative fact, thanks to great technologies such as VT-d :-) This is why I'm repeating the requirement for quantitative proof. We have already great solutions to most what this can do so building evidence of usefulness is the huge stretch this patch set should make it. Nothing personal, but with the current basically just claims, I don't believe in this. That said, by saying this I don't I'd pick my soccer no. If there is enough evidence, I'm always ready to turn my opinion 180 degrees. > > > > > I'm not entirely sure whether this is aimed to be alternative to > > namespaces/cgroups or vms but more in the direction of Solaris Zones > > would be imho better alternative at least for containers because > > it saves the overhead of an extra kernel. There's also a patch set > > for this: > > > > https://lwn.net/Articles/780364/?ref=alian.info > > Solaris Zones also share a single kernel. Or maybe I guess > you meant Kernel Zones? Isn't it a justification for our multikernel > approach for Linux? :-) > > BTW, it is less flexible since it completely isolates kernels > without inter-kernel communication. With our design, you can > still choose not to use inter-kernel IPI's, which turns dynamic > into static. > > > > > VM barrier combined with IOMMU is pretty strong and hardware > > enforced, and with polished configuration it can be fairly > > performant (e.g. via page cache bypass and stuff like that) > > so really the overhead that this is fighting against is > > context switch overhead. > > > > In security I don't believe this has any realistic chances to > > win over VMs and IOMMU... > > I appreciate you sharing your opinions. I hope my information > helps. I'd put strong focus on getting the figures aside with the claims :-) > > Regards, > Cong Wang BR, Jarkko
On Sat, Sep 27, 2025 at 4:27 PM Cong Wang <xiyou.wangcong@gmail.com> wrote: > > On Fri, Sep 26, 2025 at 2:01 AM Jarkko Sakkinen <jarkko@kernel.org> wrote: > > > > On Thu, Sep 18, 2025 at 03:25:59PM -0700, Cong Wang wrote: > > > This patch series introduces multikernel architecture support, enabling > > > multiple independent kernel instances to coexist and communicate on a > > > single physical machine. Each kernel instance can run on dedicated CPU > > > cores while sharing the underlying hardware resources. > > > > > > The multikernel architecture provides several key benefits: > > > - Improved fault isolation between different workloads > > > - Enhanced security through kernel-level separation > > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > > This list is like asking AI to list benefits, or like the whole cover > > letter has that type of feel. > > Sorry for giving you that feeling. Please let me know how I can > improve it for you. > > > > > I'd probably work on benchmarks and other types of tests that can > > deliver comparative figures, and show data that addresses workloads > > with KVM, namespaces/cgroups and this, reflecting these qualities. > > Sure, I think performance comes after usability, not vice versa. > > > > > > E.g. consider "Enhanced security through kernel-level separation". > > It's a pre-existing feature probably since dawn of time. Any new layer > > makes obviously more complex version "kernel-level separation". You'd > > had to prove that this even more complex version is more secure than > > pre-existing science. > > Apologize for this. Do you mind explaining why this is more complex > than the KVM/Qemu/vhost/virtio/VDPA stack? > > > > > kexec and its various corner cases and how this patch set addresses > > them is the part where I'm most lost. > > Sorry for that. I will post Youtube videos to explain kexec in detail, > please follow our Youtube channel if you are interested. (I don't > want to post a link here in case people think I am promoting my > own interest, please email me privately.) > > > > > If I look at one of multikernel distros (I don't know any other > > tbh) that I know it's really VT-d and that type of hardware > > enforcement that make Qubes shine: > > > > https://www.qubes-os.org/ > > > > That said, I did not look how/if this is using CPU virtualization > > features as part of the solution, so correct me if I'm wrong. > > Qubes OS is based on Xen: > https://en.wikipedia.org/wiki/Qubes_OS > > > > > I'm not entirely sure whether this is aimed to be alternative to > > namespaces/cgroups or vms but more in the direction of Solaris Zones > > would be imho better alternative at least for containers because > > it saves the overhead of an extra kernel. There's also a patch set > > for this: > > > > https://lwn.net/Articles/780364/?ref=alian.info > > Solaris Zones also share a single kernel. Or maybe I guess > you meant Kernel Zones? Isn't it a justification for our multikernel > approach for Linux? :-) Solaris kernel zones use sun4v hypervisor to protect isolation. There is no such thing on x86 and arm. Pasha
> 2025年9月19日 06:25,Cong Wang <xiyou.wangcong@gmail.com> 写道: > > This patch series introduces multikernel architecture support, enabling > multiple independent kernel instances to coexist and communicate on a > single physical machine. Each kernel instance can run on dedicated CPU > cores while sharing the underlying hardware resources. Hi Cong, Sorry for chime in here, and thanks for brining replicated-kernel back to the life. I have some experience on original Popcorn Linux [1] [2], which seems to be the root of most code in this series, please see my comments below. > > The multikernel architecture provides several key benefits: > - Improved fault isolation between different workloads > - Enhanced security through kernel-level separation I’d agree with Stefen’s comments [3], an "isolation” solution is critical for adaptation of multikernel OS, given that multi-tenant system is almost everywhere. Also allowing other kernel to inject IPI without any restriction can impose DOS attack risk. > - Better resource utilization than traditional VM (KVM, Xen etc.) > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > Architecture Overview: > The implementation leverages kexec infrastructure to load and manage > multiple kernel images, with each kernel instance assigned to specific > CPU cores. Inter-kernel communication is facilitated through a dedicated > IPI framework that allows kernels to coordinate and share information > when necessary. > > Key Components: > 1. Enhanced kexec subsystem with dynamic kimage tracking > 2. Generic IPI communication framework for inter-kernel messaging I actually have concerns over inter-kernel communication. The origin Popcorn IPI protocol, which seems to be inherited here, was designed as a prototype, without much consideration on the ecosystem. It would be nice if we can reused existing infra design for inter kernel communication. I would suggest look into OpenAMP [4] and remoteproc subsystem in kernel. They already have mature solutions on communication between different kernels over coherent memory and mailboxes (rpmsg [5] co). They also defined ELF extensions to pass side band information for other kernel images. Linaro folks are also working on a new VirtIO transport called virtio-msg [6], [7], which is designed with Linux-Linux hardware partitioning scenario in mind. > 3. Architecture-specific CPU bootstrap mechanisms (only x86 so far) > 4. Proc interface for monitoring loaded kernel instances > > […] Thanks - Jiaxun [1]: https://www.kernel.org/doc/ols/2014/ols2014-barbalace.pdf [2]: https://sourceforge.net/projects/popcornlinux/ [3]: https://lore.kernel.org/all/CAM_iQpXnHr7WC6VN3WB-+=CZGF5pyfo9y9D4MCc_Wwgp29hBrw@mail.gmail.com/ [4]: https://www.openampproject.org/ [5]: https://docs.kernel.org/staging/rpmsg.html [6]: https://linaro.atlassian.net/wiki/spaces/HVAC/overview [7]: https://lwn.net/Articles/1031928/ > > > -- > 2.34.1
Hi Jiaxun, On Thu, Sep 25, 2025 at 8:48 AM Jiaxun Yang <jiaxun.yang@flygoat.com> wrote: > > > > > 2025年9月19日 06:25,Cong Wang <xiyou.wangcong@gmail.com> 写道: > > > > This patch series introduces multikernel architecture support, enabling > > multiple independent kernel instances to coexist and communicate on a > > single physical machine. Each kernel instance can run on dedicated CPU > > cores while sharing the underlying hardware resources. > > Hi Cong, > > Sorry for chime in here, and thanks for brining replicated-kernel back to the life. I have to clarify: in my design, kernel is not replicated. It is the opposite, I intend to have diversified kernels for highly customization for each application. > > I have some experience on original Popcorn Linux [1] [2], which seems to be the > root of most code in this series, please see my comments below. > > > > > The multikernel architecture provides several key benefits: > > - Improved fault isolation between different workloads > > - Enhanced security through kernel-level separation > > I’d agree with Stefen’s comments [3], an "isolation” solution is critical for adaptation > of multikernel OS, given that multi-tenant system is almost everywhere. > > Also allowing other kernel to inject IPI without any restriction can impose DOS attack > risk. This is true. Like I mentioned, this is also a good opportunity to invite hardware (CPU) vendors to catch up with software, for example, they could provide hardware-filtering for IPI via MSR. If we look at how virtualization evolves, it is the hardware follows software. VMCS comes after Xen or KVM, VPDA comes after virtio. > > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > > Architecture Overview: > > The implementation leverages kexec infrastructure to load and manage > > multiple kernel images, with each kernel instance assigned to specific > > CPU cores. Inter-kernel communication is facilitated through a dedicated > > IPI framework that allows kernels to coordinate and share information > > when necessary. > > > > Key Components: > > 1. Enhanced kexec subsystem with dynamic kimage tracking > > 2. Generic IPI communication framework for inter-kernel messaging > > I actually have concerns over inter-kernel communication. The origin Popcorn > IPI protocol, which seems to be inherited here, was designed as a prototype, > without much consideration on the ecosystem. It would be nice if we can reused > existing infra design for inter kernel communication. Popcorn does the opposite: it still stays with a single image which is essentially against isolation. In fact, I also read its latest paper this year, I don't see any essential change on this big direction: https://www.ssrg.ece.vt.edu/papers/asplos25.pdf This is why fundamentally Popcorn is not suitable for isolation. Please don't get me wrong: I am not questioning its usefulness, it is just simply two opposite directions. I wish people best luck on the heterogeneous ISA design, and I hope major CPU vendors will catch up with you too. :) > > I would suggest look into OpenAMP [4] and remoteproc subsystem in kernel. They > already have mature solutions on communication between different kernels over coherent > memory and mailboxes (rpmsg [5] co). They also defined ELF extensions to pass side band > information for other kernel images. Thanks for the pointers. Jim Huang also shared his idea on remoteproc at LinuxCon this year. After evaluations, I found remoteproc may not be as good as IPI. Remoteproc is designed for heterogeneous systems with different architectures, adding unnecessary abstraction layers. > > Linaro folks are also working on a new VirtIO transport called virtio-msg [6], [7], which is designed > with Linux-Linux hardware partitioning scenario in mind. I think there is still a fundamental difference between static partitioning. and elastic resource allocation. Static partitioning can be achieved as a default case of dynamic allocation when resources remain unchanged, but the reverse is not possible. Hope this makes sense to you. Regards, Cong Wang
On Friday 2025-09-19 00:25, Cong Wang wrote: >This patch series introduces multikernel architecture support, enabling >multiple independent kernel instances to coexist and communicate on a >single physical machine. > >Each kernel instance can run on dedicated CPU >cores while sharing the underlying hardware resources. I initially read it in such a way that that kernels run without supervisor, and thus necessarily cooperatively, on a system. But then I looked at <https://multikernel.io/assets/images/comparison-architecture-diagrams.svg>, saw that there is a kernel on top of a kernel, to which my reactive thought was: "well, that has been done before", e.g. User Mode Linux. While UML does not technically talk to hardware directly, continuing the thought "what's stopping a willing developer from giving /dev/mem to the subordinate kernel". On second thought, a hypervisor is just some kind of "miniature kernel" too (if generalizing very hard).
On Sun, Sep 21, 2025 at 07:54:31AM +0200, Jan Engelhardt wrote: > > On Friday 2025-09-19 00:25, Cong Wang wrote: > > >This patch series introduces multikernel architecture support, enabling > >multiple independent kernel instances to coexist and communicate on a > >single physical machine. > > > >Each kernel instance can run on dedicated CPU > >cores while sharing the underlying hardware resources. > > I initially read it in such a way that that kernels run without > supervisor, and thus necessarily cooperatively, on a system. > > But then I looked at > <https://multikernel.io/assets/images/comparison-architecture-diagrams.svg>, The diagram also oversimplifies containers, with system containers the "OS" runs inside the container and only the kernel is shared. It's interesting to hear how the multikernel approach compare to system containers as well. > saw that there is a kernel on top of a kernel, to which my reactive > thought was: "well, that has been done before", e.g. User Mode Linux. > While UML does not technically talk to hardware directly, continuing > the thought "what's stopping a willing developer from giving /dev/mem > to the subordinate kernel". > > On second thought, a hypervisor is just some kind of "miniature > kernel" too (if generalizing very hard). > -- Sincerely yours, Mike.
On Thu, 18 Sep 2025 15:25:59 -0700 Cong Wang wrote: > This patch series introduces multikernel architecture support, enabling > multiple independent kernel instances to coexist and communicate on a > single physical machine. Each kernel instance can run on dedicated CPU > cores while sharing the underlying hardware resources. > > The multikernel architecture provides several key benefits: > - Improved fault isolation between different workloads > - Enhanced security through kernel-level separation > - Better resource utilization than traditional VM (KVM, Xen etc.) > - Potential zero-down kernel update with KHO (Kernel Hand Over) > Could you illustrate a couple of use cases to help understand your idea?
On Sat, Sep 20, 2025 at 6:47 PM Hillf Danton <hdanton@sina.com> wrote: > > On Thu, 18 Sep 2025 15:25:59 -0700 Cong Wang wrote: > > This patch series introduces multikernel architecture support, enabling > > multiple independent kernel instances to coexist and communicate on a > > single physical machine. Each kernel instance can run on dedicated CPU > > cores while sharing the underlying hardware resources. > > > > The multikernel architecture provides several key benefits: > > - Improved fault isolation between different workloads > > - Enhanced security through kernel-level separation > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > Could you illustrate a couple of use cases to help understand your idea? Sure, below are a few use cases on my mind: 1) With sufficient hardware resources: each kernel gets isolated resources with real bare metal performance. This applies to all VM/container use cases today, just with pure better performance: no virtualization, no noisy neighbor. More importantly, they can co-exist. In theory, you can run a multiernel with a VM inside and with a container inside the VM. 2) Active-backup kernel for mission-critical tasks: after the primary kernel crashes, a backup kernel in parallel immediately takes over without interrupting the user-space task. Dual-kernel systems are very common for automotives today. 3) Getting rid of the OS to reduce the attack surface. We could pack everything properly in an initramfs and run it directly without bothering a full OS. This is similar to what unikernels or macro VM's do today. 4) Machine learning in the kernel. Machine learning is too specific to workloads, for instance, mixing real-time scheduling and non-RT can be challenging for ML to tune the CPU scheduler, which is an essential multi-goal learning. 5) Per-application specialized kernel: For example, running a RT kernel and non-RT kernel in parallel. Memory footprint can also be reduced by reducing the 5-level paging tables when necessary. I hope this helps. Regards, Cong
On Mon, 22 Sep 2025 14:55:41 -0700 Cong Wang wrote: > On Sat, Sep 20, 2025 at 6:47 PM Hillf Danton <hdanton@sina.com> wrote: > > On Thu, 18 Sep 2025 15:25:59 -0700 Cong Wang wrote: > > > This patch series introduces multikernel architecture support, enabling > > > multiple independent kernel instances to coexist and communicate on a > > > single physical machine. Each kernel instance can run on dedicated CPU > > > cores while sharing the underlying hardware resources. > > > > > > The multikernel architecture provides several key benefits: > > > - Improved fault isolation between different workloads > > > - Enhanced security through kernel-level separation > > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > > > Could you illustrate a couple of use cases to help understand your idea? > > Sure, below are a few use cases on my mind: > > 1) With sufficient hardware resources: each kernel gets isolated resources > with real bare metal performance. This applies to all VM/container use cases > today, just with pure better performance: no virtualization, no noisy neighbor. > > More importantly, they can co-exist. In theory, you can run a multiernel with > a VM inside and with a container inside the VM. > If the 6.17 eevdf perfs better than the 6.15 one could, their co-exist wastes bare metal cpu cycles. > 2) Active-backup kernel for mission-critical tasks: after the primary kernel > crashes, a backup kernel in parallel immediately takes over without interrupting > the user-space task. > > Dual-kernel systems are very common for automotives today. > If 6.17 is more stable than 6.14, running the latter sounds like square skull in the product environment. > 3) Getting rid of the OS to reduce the attack surface. We could pack everything > properly in an initramfs and run it directly without bothering a full > OS. This is similar to what unikernels or macro VM's do today. > Duno > 4) Machine learning in the kernel. Machine learning is too specific to > workloads, for instance, mixing real-time scheduling and non-RT can be challenging for > ML to tune the CPU scheduler, which is an essential multi-goal learning. > No room for CUDA in kernel I think in 2025. > 5) Per-application specialized kernel: For example, running a RT kernel > and non-RT kernel in parallel. Memory footprint can also be reduced by > reducing the 5-level paging tables when necessary. If RT makes your product earn more money in fewer weeks, why is eevdf another option, given RT means no schedule at the first place?
On Tue, Sep 23, 2025 at 6:12 PM Hillf Danton <hdanton@sina.com> wrote: > > On Mon, 22 Sep 2025 14:55:41 -0700 Cong Wang wrote: > > On Sat, Sep 20, 2025 at 6:47 PM Hillf Danton <hdanton@sina.com> wrote: > > > On Thu, 18 Sep 2025 15:25:59 -0700 Cong Wang wrote: > > > > This patch series introduces multikernel architecture support, enabling > > > > multiple independent kernel instances to coexist and communicate on a > > > > single physical machine. Each kernel instance can run on dedicated CPU > > > > cores while sharing the underlying hardware resources. > > > > > > > > The multikernel architecture provides several key benefits: > > > > - Improved fault isolation between different workloads > > > > - Enhanced security through kernel-level separation > > > > - Better resource utilization than traditional VM (KVM, Xen etc.) > > > > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > > > > > > Could you illustrate a couple of use cases to help understand your idea? > > > > Sure, below are a few use cases on my mind: > > > > 1) With sufficient hardware resources: each kernel gets isolated resources > > with real bare metal performance. This applies to all VM/container use cases > > today, just with pure better performance: no virtualization, no noisy neighbor. > > > > More importantly, they can co-exist. In theory, you can run a multiernel with > > a VM inside and with a container inside the VM. > > > If the 6.17 eevdf perfs better than the 6.15 one could, their co-exist wastes > bare metal cpu cycles. I think we should never eliminate the ability of not using multikernel, users should have a choice. Apologize if I didn't make this clear. And even if you only want one kernel, you might still want to use zero-downtime upgrade via multikernel. ;-) > > > 2) Active-backup kernel for mission-critical tasks: after the primary kernel > > crashes, a backup kernel in parallel immediately takes over without interrupting > > the user-space task. > > > > Dual-kernel systems are very common for automotives today. > > > If 6.17 is more stable than 6.14, running the latter sounds like square skull > in the product environment. I don't think anyone here wants to take your freedom of doing so. You also have a choice of not using multikernel or kexec, or even CONFIG_KEXEC=n. :) On the other hand, let's also respect the fact that many automotives today use dual-kernel systems (one for interaction, one for autonomous driving). > > > 3) Getting rid of the OS to reduce the attack surface. We could pack everything > > properly in an initramfs and run it directly without bothering a full > > OS. This is similar to what unikernels or macro VM's do today. > > > Duno Same, choice is always on the table, it must be. > > > 4) Machine learning in the kernel. Machine learning is too specific to > > workloads, for instance, mixing real-time scheduling and non-RT can be challenging for > > ML to tune the CPU scheduler, which is an essential multi-goal learning. > > > No room for CUDA in kernel I think in 2025. Maybe yes. LAKE is framework for using GPU-accelerated ML in the kernel: https://utns.cs.utexas.edu/assets/papers/lake_camera_ready.pdf If you are interested in this area, there are tons of papers existing. > > > 5) Per-application specialized kernel: For example, running a RT kernel > > and non-RT kernel in parallel. Memory footprint can also be reduced by > > reducing the 5-level paging tables when necessary. > > If RT makes your product earn more money in fewer weeks, why is eevdf > another option, given RT means no schedule at the first place? I wish there is a one-single perfect solution for everyone, unfortunately the reality seems to be the opposite. Regards, Cong Wang
On Thu, Sep 18, 2025 at 03:25:59PM -0700, Cong Wang wrote: > This patch series introduces multikernel architecture support, enabling > multiple independent kernel instances to coexist and communicate on a > single physical machine. Each kernel instance can run on dedicated CPU > cores while sharing the underlying hardware resources. > > The multikernel architecture provides several key benefits: > - Improved fault isolation between different workloads > - Enhanced security through kernel-level separation What level of isolation does this patch series provide? What stops kernel A from accessing kernel B's memory pages, sending interrupts to its CPUs, etc? > - Better resource utilization than traditional VM (KVM, Xen etc.) > - Potential zero-down kernel update with KHO (Kernel Hand Over) > > Architecture Overview: > The implementation leverages kexec infrastructure to load and manage > multiple kernel images, with each kernel instance assigned to specific > CPU cores. Inter-kernel communication is facilitated through a dedicated > IPI framework that allows kernels to coordinate and share information > when necessary. > > Key Components: > 1. Enhanced kexec subsystem with dynamic kimage tracking > 2. Generic IPI communication framework for inter-kernel messaging > 3. Architecture-specific CPU bootstrap mechanisms (only x86 so far) > 4. Proc interface for monitoring loaded kernel instances > > Patch Summary: > > Patch 1/7: Introduces basic multikernel support via kexec, allowing > multiple kernel images to be loaded simultaneously. > > Patch 2/7: Adds x86-specific SMP INIT trampoline for bootstrapping > CPUs with different kernel instances. > > Patch 3/7: Introduces dedicated MULTIKERNEL_VECTOR for x86 inter-kernel > communication. > > Patch 4/7: Implements generic multikernel IPI communication framework > for cross-kernel messaging and coordination. > > Patch 5/7: Adds arch_cpu_physical_id() function to obtain physical CPU > identifiers for proper CPU management. > > Patch 6/7: Replaces static kimage globals with dynamic linked list > infrastructure to support multiple kernel images. > > Patch 7/7: Adds /proc/multikernel interface for monitoring and debugging > loaded kernel instances. > > The implementation maintains full backward compatibility with existing > kexec functionality while adding the new multikernel capabilities. > > IMPORTANT NOTES: > > 1) This is a Request for Comments (RFC) submission. While the core > architecture is functional, there are numerous implementation details > that need improvement. The primary goal is to gather feedback on the > high-level design and overall approach rather than focus on specific > coding details at this stage. > > 2) This patch series represents only the foundational framework for > multikernel support. It establishes the basic infrastructure and > communication mechanisms. We welcome the community to build upon > this foundation and develop their own solutions based on this > framework. > > 3) Testing has been limited to the author's development machine using > hard-coded boot parameters and specific hardware configurations. > Community testing across different hardware platforms, configurations, > and use cases would be greatly appreciated to identify potential > issues and improve robustness. Obviously, don't use this code beyond > testing. > > This work enables new use cases such as running real-time kernels > alongside general-purpose kernels, isolating security-critical > applications, and providing dedicated kernel instances for specific > workloads etc.. This reminds me of Jailhouse, a partitioning hypervisor for Linux. Jailhouse uses virtualization and other techniques to isolate CPUs, allowing real-time workloads to run alongside Linux: https://github.com/siemens/jailhouse It would be interesting to hear your thoughts about where you want to go with this series and how it compares with a partitioning hypervisor like Jailhouse. Thanks, Stefan > > Signed-off-by: Cong Wang <cwang@multikernel.io> > > --- > > Cong Wang (7): > kexec: Introduce multikernel support via kexec > x86: Introduce SMP INIT trampoline for multikernel CPU bootstrap > x86: Introduce MULTIKERNEL_VECTOR for inter-kernel communication > kernel: Introduce generic multikernel IPI communication framework > x86: Introduce arch_cpu_physical_id() to obtain physical CPU ID > kexec: Implement dynamic kimage tracking > kexec: Add /proc/multikernel interface for kimage tracking > > arch/powerpc/kexec/crash.c | 8 +- > arch/x86/include/asm/idtentry.h | 1 + > arch/x86/include/asm/irq_vectors.h | 1 + > arch/x86/include/asm/smp.h | 7 + > arch/x86/kernel/Makefile | 1 + > arch/x86/kernel/crash.c | 4 +- > arch/x86/kernel/head64.c | 5 + > arch/x86/kernel/idt.c | 1 + > arch/x86/kernel/setup.c | 3 + > arch/x86/kernel/smp.c | 15 ++ > arch/x86/kernel/smpboot.c | 161 +++++++++++++ > arch/x86/kernel/trampoline_64_bsp.S | 288 ++++++++++++++++++++++ > arch/x86/kernel/vmlinux.lds.S | 6 + > include/linux/kexec.h | 22 +- > include/linux/multikernel.h | 81 +++++++ > include/uapi/linux/kexec.h | 1 + > include/uapi/linux/reboot.h | 2 +- > init/main.c | 2 + > kernel/Makefile | 2 +- > kernel/kexec.c | 103 +++++++- > kernel/kexec_core.c | 359 ++++++++++++++++++++++++++++ > kernel/kexec_file.c | 33 ++- > kernel/multikernel.c | 314 ++++++++++++++++++++++++ > kernel/reboot.c | 10 + > 24 files changed, 1411 insertions(+), 19 deletions(-) > create mode 100644 arch/x86/kernel/trampoline_64_bsp.S > create mode 100644 include/linux/multikernel.h > create mode 100644 kernel/multikernel.c > > -- > 2.34.1 >
On Thu, Sep 18, 2025 at 6:26 PM Cong Wang <xiyou.wangcong@gmail.com> wrote: > > This patch series introduces multikernel architecture support, enabling > multiple independent kernel instances to coexist and communicate on a > single physical machine. Each kernel instance can run on dedicated CPU > cores while sharing the underlying hardware resources. > > The multikernel architecture provides several key benefits: > - Improved fault isolation between different workloads > - Enhanced security through kernel-level separation > - Better resource utilization than traditional VM (KVM, Xen etc.) > - Potential zero-down kernel update with KHO (Kernel Hand Over) Hi Cong, Thank you for submitting this; it is an exciting series. I experimented with this approach about five years ago for a Live Update scenario. It required surprisingly little work to get two OSes to boot simultaneously on the same x86 hardware. The procedure I followed looked like this: 1. Create an immutable kernel image bundle: kernel + initramfs. 2. The first kernel is booted with memmap parameters, setting aside the first 1G for its own operation, the second 1G for the next kernel (reserved), and the rest as PMEM for the VMs. 3. In the first kernel, we offline one CPU and kexec the second kernel with parameters that specify to use only the offlined CPU as the boot CPU and to keep the other CPUs offline (i.e., smp_init does not start other CPUs). The memmap specify the first 1G reserved, and the 2nd 1G for its own operations, and the rest is PMEM. 4. Passing the VMs worked by suspending them in the old kernel. 5. The other CPUs are onlined in the new kernel (thus killing the old kernel). 6. The VMs are resumed in the new kernel. While this approach was easy to get to the experimental PoC, it has some fundamental problems that I am not sure can be solved in the long run, such as handling global machine states like interrupts. I think the Orphaned VM approach (i.e., keeping VCPUs running through the Live Update procedure) is more reliable and likely to succeed for zero-downtime kernel updates. Pasha > > Architecture Overview: > The implementation leverages kexec infrastructure to load and manage > multiple kernel images, with each kernel instance assigned to specific > CPU cores. Inter-kernel communication is facilitated through a dedicated > IPI framework that allows kernels to coordinate and share information > when necessary. > > Key Components: > 1. Enhanced kexec subsystem with dynamic kimage tracking > 2. Generic IPI communication framework for inter-kernel messaging > 3. Architecture-specific CPU bootstrap mechanisms (only x86 so far) > 4. Proc interface for monitoring loaded kernel instances > > Patch Summary: > > Patch 1/7: Introduces basic multikernel support via kexec, allowing > multiple kernel images to be loaded simultaneously. > > Patch 2/7: Adds x86-specific SMP INIT trampoline for bootstrapping > CPUs with different kernel instances. > > Patch 3/7: Introduces dedicated MULTIKERNEL_VECTOR for x86 inter-kernel > communication. > > Patch 4/7: Implements generic multikernel IPI communication framework > for cross-kernel messaging and coordination. > > Patch 5/7: Adds arch_cpu_physical_id() function to obtain physical CPU > identifiers for proper CPU management. > > Patch 6/7: Replaces static kimage globals with dynamic linked list > infrastructure to support multiple kernel images. > > Patch 7/7: Adds /proc/multikernel interface for monitoring and debugging > loaded kernel instances. > > The implementation maintains full backward compatibility with existing > kexec functionality while adding the new multikernel capabilities. > > IMPORTANT NOTES: > > 1) This is a Request for Comments (RFC) submission. While the core > architecture is functional, there are numerous implementation details > that need improvement. The primary goal is to gather feedback on the > high-level design and overall approach rather than focus on specific > coding details at this stage. > > 2) This patch series represents only the foundational framework for > multikernel support. It establishes the basic infrastructure and > communication mechanisms. We welcome the community to build upon > this foundation and develop their own solutions based on this > framework. > > 3) Testing has been limited to the author's development machine using > hard-coded boot parameters and specific hardware configurations. > Community testing across different hardware platforms, configurations, > and use cases would be greatly appreciated to identify potential > issues and improve robustness. Obviously, don't use this code beyond > testing. > > This work enables new use cases such as running real-time kernels > alongside general-purpose kernels, isolating security-critical > applications, and providing dedicated kernel instances for specific > workloads etc.. > > Signed-off-by: Cong Wang <cwang@multikernel.io> > > --- > > Cong Wang (7): > kexec: Introduce multikernel support via kexec > x86: Introduce SMP INIT trampoline for multikernel CPU bootstrap > x86: Introduce MULTIKERNEL_VECTOR for inter-kernel communication > kernel: Introduce generic multikernel IPI communication framework > x86: Introduce arch_cpu_physical_id() to obtain physical CPU ID > kexec: Implement dynamic kimage tracking > kexec: Add /proc/multikernel interface for kimage tracking > > arch/powerpc/kexec/crash.c | 8 +- > arch/x86/include/asm/idtentry.h | 1 + > arch/x86/include/asm/irq_vectors.h | 1 + > arch/x86/include/asm/smp.h | 7 + > arch/x86/kernel/Makefile | 1 + > arch/x86/kernel/crash.c | 4 +- > arch/x86/kernel/head64.c | 5 + > arch/x86/kernel/idt.c | 1 + > arch/x86/kernel/setup.c | 3 + > arch/x86/kernel/smp.c | 15 ++ > arch/x86/kernel/smpboot.c | 161 +++++++++++++ > arch/x86/kernel/trampoline_64_bsp.S | 288 ++++++++++++++++++++++ > arch/x86/kernel/vmlinux.lds.S | 6 + > include/linux/kexec.h | 22 +- > include/linux/multikernel.h | 81 +++++++ > include/uapi/linux/kexec.h | 1 + > include/uapi/linux/reboot.h | 2 +- > init/main.c | 2 + > kernel/Makefile | 2 +- > kernel/kexec.c | 103 +++++++- > kernel/kexec_core.c | 359 ++++++++++++++++++++++++++++ > kernel/kexec_file.c | 33 ++- > kernel/multikernel.c | 314 ++++++++++++++++++++++++ > kernel/reboot.c | 10 + > 24 files changed, 1411 insertions(+), 19 deletions(-) > create mode 100644 arch/x86/kernel/trampoline_64_bsp.S > create mode 100644 include/linux/multikernel.h > create mode 100644 kernel/multikernel.c > > -- > 2.34.1 >
syzbot ci has tested the following series [v1] kernel: Introduce multikernel architecture support https://lore.kernel.org/all/20250918222607.186488-1-xiyou.wangcong@gmail.com * [RFC Patch 1/7] kexec: Introduce multikernel support via kexec * [RFC Patch 2/7] x86: Introduce SMP INIT trampoline for multikernel CPU bootstrap * [RFC Patch 3/7] x86: Introduce MULTIKERNEL_VECTOR for inter-kernel communication * [RFC Patch 4/7] kernel: Introduce generic multikernel IPI communication framework * [RFC Patch 5/7] x86: Introduce arch_cpu_physical_id() to obtain physical CPU ID * [RFC Patch 6/7] kexec: Implement dynamic kimage tracking * [RFC Patch 7/7] kexec: Add /proc/multikernel interface for kimage tracking and found the following issue: WARNING in note_page Full report is available here: https://ci.syzbot.org/series/9ca759c7-776a-4d45-a2f9-5e6ca245e989 *** WARNING in note_page tree: torvalds URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux base: f83ec76bf285bea5727f478a68b894f5543ca76e arch: amd64 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 config: https://ci.syzbot.org/builds/645f543b-aa06-4977-81f2-45a0b44a2133/config Key type fscrypt-provisioning registered kAFS: Red Hat AFS client v0.1 registering. Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes Key type big_key registered Key type encrypted registered AppArmor: AppArmor sha256 policy hashing enabled ima: No TPM chip found, activating TPM-bypass! Loading compiled-in module X.509 certificates Loaded X.509 cert 'Build time autogenerated kernel key: 75e3f237904f24df4a2b6e4eae1a8f34effb6643' ima: Allocated hash algorithm: sha256 ima: No architecture policies found evm: Initialising EVM extended attributes: evm: security.selinux (disabled) evm: security.SMACK64 (disabled) evm: security.SMACK64EXEC (disabled) evm: security.SMACK64TRANSMUTE (disabled) evm: security.SMACK64MMAP (disabled) evm: security.apparmor evm: security.ima evm: security.capability evm: HMAC attrs: 0x1 PM: Magic number: 9:738:504 usb usb41-port1: hash matches usb usb40-port2: hash matches netconsole: network logging started gtp: GTP module loaded (pdp ctx size 128 bytes) rdma_rxe: loaded cfg80211: Loading compiled-in X.509 certificates for regulatory database Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600' clk: Disabling unused clocks ALSA device list: #0: Dummy 1 #1: Loopback 1 #2: Virtual MIDI Card 1 check access for rdinit=/init failed: -2, ignoring md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none. VFS: Mounted root (ext4 filesystem) readonly on device 8:1. devtmpfs: mounted Freeing unused kernel image (initmem) memory: 26168K Write protecting the kernel read-only data: 210944k Freeing unused kernel image (text/rodata gap) memory: 104K Freeing unused kernel image (rodata/data gap) memory: 300K ------------[ cut here ]------------ x86/mm: Found insecure W+X mapping at address 0xffff888000096000 WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:248 note_page+0x12a5/0x14a0 Modules linked in: CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:note_page+0x12a5/0x14a0 Code: d5 49 00 c6 05 bd 7d 17 0e 01 90 43 80 3c 2e 00 74 08 4c 89 ff e8 9b 47 ad 00 49 8b 37 48 c7 c7 40 98 88 8b e8 1c 53 0d 00 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 5a f1 ff ff 44 89 f9 RSP: 0000:ffffc90000047678 EFLAGS: 00010246 RAX: 0829288c8ce4fa00 RBX: ffffc90000047cf0 RCX: ffff88801c2d0000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004 R10: dffffc0000000000 R11: fffffbfff1bfa274 R12: ffffffffffffffff R13: dffffc0000000000 R14: 1ffff92000008fb2 R15: ffffc90000047d90 FS: 0000000000000000(0000) GS:ffff8881a3c09000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000000df36000 CR4: 00000000000006f0 Call Trace: <TASK> ptdump_pte_entry+0xc6/0xe0 walk_pte_range_inner+0x1ba/0x380 walk_pgd_range+0x1467/0x1d40 walk_page_range_debug+0x312/0x3d0 ptdump_walk_pgd+0x126/0x320 ptdump_walk_pgd_level_core+0x260/0x3e0 kernel_init+0x53/0x1d0 ret_from_fork+0x439/0x7d0 ret_from_fork_asm+0x1a/0x30 </TASK> *** If these findings have caused you to resend the series or submit a separate fix, please add the following tag to your commit message: Tested-by: syzbot@syzkaller.appspotmail.com --- This report is generated by a bot. It may contain errors. syzbot ci engineers can be reached at syzkaller@googlegroups.com.
© 2016 - 2025 Red Hat, Inc.