From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Dan Carpenter, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH RFC 1/5] kexec: handover: add helper to check preserved page ranges
Date: Fri, 1 May 2026 17:46:33 +0800
Message-ID: <20260501094637.38650-2-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

Signed-off-by: Cris Jacob Maamor --- include/linux/kexec_handover.h | 6 +++++ kernel/liveupdate/kexec_handover.c | 35 ++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/include/linux/kexec_handover.h b/include/linux/kexec_handover.h index 8968c56d2d73..fb09943ab232 100644 --- a/include/linux/kexec_handover.h +++ b/include/linux/kexec_handover.h @@ -19,6 +19,7 @@ struct page; #ifdef CONFIG_KEXEC_HANDOVER bool kho_is_enabled(void); bool is_kho_boot(void); +bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pages); =20 int kho_preserve_folio(struct folio *folio); void kho_unpreserve_folio(struct folio *folio); 
@@ -51,6 +52,11 @@ static inline bool is_kho_boot(void) return false; } =20 +static inline bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pag= es) +{ + return false; +} + static inline int kho_preserve_folio(struct folio *folio) { return -EOPNOTSUPP; diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_h= andover.c index 94762de1fe5f..fe9f11190705 100644 --- a/kernel/liveupdate/kexec_handover.c +++ b/kernel/liveupdate/kexec_handover.c @@ -10,6 +10,7 @@ =20 #define pr_fmt(fmt) "KHO: " fmt =20 +#include #include #include #include 
@@ -429,6 +430,40 @@ static struct page *kho_restore_page(phys_addr_t phys,= bool is_folio) return page; } =20 +/** + * kho_is_preserved - Verify that a physical page range belongs to KHO. + * @phys: physical address of the first page in the range. + * @nr_pages: number of pages that the caller expects to access. + * + * Use this before phys_to_virt() when a physical address comes from resto= red + * metadata. It checks that @phys starts a KHO-preserved allocation large + * enough to cover @nr_pages. + * + * This only checks the KHO marker. It does not restore, free, or take + * ownership of the pages. + * + * Return: true if @phys starts a preserved KHO allocation large enough to= cover + * @nr_pages, false otherwise. + */ +bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pages) +{ + struct page *page; + union kho_page_info info; + + if (!nr_pages || !IS_ALIGNED(phys, PAGE_SIZE)) + return false; + + page =3D pfn_to_online_page(PHYS_PFN(phys)); + if (!page) + return false; + + info.page_private =3D page->private; + if (info.magic !=3D KHO_PAGE_MAGIC || info.order >=3D BITS_PER_LONG) + return false; + + return nr_pages <=3D BIT(info.order); +} + /** * kho_restore_folio - recreates the folio from the preserved memory. * @phys: physical address of the folio. 
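Review bot: the patch has no changelog, only the Signed-off-by, although the declaration added in include/linux/kexec_handover.h introduces a new KHO interface. Say in the commit message which callers need kho_is_preserved() and what goes wrong without it, and note that the !CONFIG_KEXEC_HANDOVER stub returns false, so every caller's check fails in that configuration.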
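Review bot: in kho_is_preserved() the only bound on info.order is `info.order >= BITS_PER_LONG`, which keeps BIT(info.order) defined but still accepts orders no allocation can have, so a corrupted page->private that happens to carry KHO_PAGE_MAGIC can approve an nr_pages far larger than any real preserved block. Bound the order by the largest order the page allocator supports (MAX_PAGE_ORDER) instead. The kernel-doc should also say whether the result is still meaningful after the range has been restored, since the check relies entirely on the marker in page->private of the first page.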
--=20 2.53.0
From: Cris Jacob Maamor
Subject: [PATCH RFC 2/5] liveupdate: validate restored LUO FDT before use
Date: Fri, 1 May 2026 17:46:34 +0800
Message-ID: <20260501094637.38650-3-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

Signed-off-by: Cris Jacob Maamor --- kernel/liveupdate/luo_core.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c index 803f51c84275..633a16434164 100644 --- a/kernel/liveupdate/luo_core.c +++ b/kernel/liveupdate/luo_core.c @@ -82,6 +82,7 @@ early_param("liveupdate", early_liveupdate_param); =20 static int __init luo_early_startup(void) { + size_t fdt_size; phys_addr_t fdt_phys; int err, ln_size; const void *ptr; 
@@ -94,7 +95,8 @@ static int __init luo_early_startup(void) } =20 /* Retrieve LUO subtree, and verify its format. */ - err =3D kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys, NULL); + err =3D kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys, + &fdt_size); if (err) { if (err !=3D -ENOENT) { pr_err("failed to retrieve FDT '%s' from KHO: %pe\n", 
@@ -105,6 +107,12 @@ static int __init luo_early_startup(void) return 0; } =20 + if (!fdt_size || fdt_size > LUO_FDT_SIZE || + !kho_is_preserved(fdt_phys, DIV_ROUND_UP(fdt_size, PAGE_SIZE))) { + pr_err("Invalid LUO FDT from KHO\n"); + return -EINVAL; + } + luo_global.fdt_in =3D phys_to_virt(fdt_phys); err =3D fdt_node_check_compatible(luo_global.fdt_in, 0, LUO_FDT_COMPATIBLE); --=20 2.53.0
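Review bot: in the @@ -105,6 +107,12 @@ hunk of luo_early_startup(), fdt_size is checked against LUO_FDT_SIZE and the preserved range, but the size the blob declares in its own header is never compared with fdt_size before fdt_node_check_compatible() walks it. Add fdt_check_header() and reject the blob when fdt_totalsize() exceeds fdt_size, so parsing stays inside the pages that kho_is_preserved() approved. The pr_err() could also print fdt_phys and fdt_size so a rejected handover can be diagnosed.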
From: Cris Jacob Maamor
Subject: [PATCH RFC 3/5] liveupdate: validate restored LUO session metadata
Date: Fri, 1 May 2026 17:46:35 +0800
Message-ID: <20260501094637.38650-4-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

Signed-off-by: Cris Jacob Maamor --- kernel/liveupdate/luo_session.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_sessio= n.c index a3327a28fc1f..0244c071936d 100644 --- a/kernel/liveupdate/luo_session.c +++ b/kernel/liveupdate/luo_session.c 
@@ -501,7 +501,18 @@ int __init luo_session_setup_incoming(void *fdt_in) } =20 header_ser_pa =3D get_unaligned((u64 *)ptr); + if (!kho_is_preserved(header_ser_pa, LUO_SESSION_PGCNT)) { + pr_err("Session header is not KHO preserved: %#llx\n", + (unsigned long long)header_ser_pa); + return -EINVAL; + } + header_ser =3D phys_to_virt(header_ser_pa); + if (header_ser->count > LUO_SESSION_MAX) { + pr_err("Invalid session count: %llu\n", + (unsigned long long)header_ser->count); + return -EINVAL; + } =20 luo_session_global.incoming.header_ser =3D header_ser; luo_session_global.incoming.ser =3D (void *)(header_ser + 1); @@ -515,6 +526,7 @@ int luo_session_deserialize(void) struct luo_session_header *sh =3D &luo_session_global.incoming; static bool is_deserialized; static int err; + u64 count; =20 /* If has been deserialized, always return the same error code */ if (is_deserialized) @@ -524,6 +536,13 @@ int luo_session_deserialize(void) if (!sh->active) return 0; =20 + count =3D sh->header_ser->count; + if (count > LUO_SESSION_MAX) { + pr_err("Invalid session count: %llu\n", + (unsigned long long)count); + return -EINVAL; + } + /* * Note on error handling: * @@ -539,7 +558,7 @@ int luo_session_deserialize(void) * userspace to detect the failure and trigger a reboot, which will * reliably reset devices and reclaim memory. */ - for (int i =3D 0; i < sh->header_ser->count; i++) { + for (u64 i =3D 0; i < count; i++) { struct luo_session *session; =20 session =3D luo_session_alloc(sh->ser[i].name); 
@@ -606,4 +625,3 @@ int luo_session_serialize(void) =20 return err; } - --=20 2.53.0
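Review bot: in luo_session_deserialize() the new `return -EINVAL` for a count above LUO_SESSION_MAX bypasses the static `err` that the function keeps so that repeat calls "always return the same error code". Store the failure first (err = -EINVAL; return err;) so a second call cannot report a different result, and consider whether this second check is needed at all, given that luo_session_setup_incoming() now rejects the same condition on the same header.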
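Review bot: the last hunk (@@ -606,4 +625,3 @@) only deletes the blank line at the end of luo_session.c, which is unrelated to metadata validation. Drop it from this patch or send it as a separate cleanup.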
From: Cris Jacob Maamor
Subject: [PATCH RFC 4/5] liveupdate: validate restored LUO file-set metadata
Date: Fri, 1 May 2026 17:46:36 +0800
Message-ID: <20260501094637.38650-5-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

Signed-off-by: Cris Jacob Maamor --- kernel/liveupdate/luo_file.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c index a0a419085e28..cde43d822f8f 100644 --- a/kernel/liveupdate/luo_file.c +++ b/kernel/liveupdate/luo_file.c 
@@ -783,11 +783,21 @@ int luo_file_deserialize(struct luo_file_set *file_se= t, struct luo_file_ser *file_ser; u64 i; =20 - if (!file_set_ser->files) { - WARN_ON(file_set_ser->count); + if (!file_set_ser->count) { + if (file_set_ser->files) + return -EINVAL; return 0; } =20 + if (file_set_ser->count > LUO_FILE_MAX) + return -EINVAL; + + if (!file_set_ser->files) + return -EINVAL; + + if (!kho_is_preserved(file_set_ser->files, LUO_FILE_PGCNT)) + return -EINVAL; + file_set->count =3D file_set_ser->count; file_set->files =3D phys_to_virt(file_set_ser->files); =20 --=20 2.53.0
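Review bot: every new rejection in luo_file_deserialize() returns -EINVAL silently, while the session and FLB patches in this series log the offending value with pr_err(). Add a message that reports file_set_ser->count and file_set_ser->files so a failed restore can be diagnosed, and state in the changelog that a NULL files pointer with a non-zero count changes from WARN_ON() plus a return of 0 to -EINVAL.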
From: Cris Jacob Maamor
Subject: [PATCH RFC 5/5] liveupdate: validate restored LUO FLB metadata
Date: Fri, 1 May 2026 17:46:37 +0800
Message-ID: <20260501094637.38650-6-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501094637.38650-1-crisjacobmaamor@gmail.com>

Signed-off-by: Cris Jacob Maamor --- kernel/liveupdate/luo_flb.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) 
diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c index 00f5494812c4..e80032669cea 100644 --- a/kernel/liveupdate/luo_flb.c +++ b/kernel/liveupdate/luo_flb.c @@ -162,6 +162,7 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *= flb) struct luo_flb_header *fh =3D &luo_flb_global.incoming; struct liveupdate_flb_op_args args =3D {0}; bool found =3D false; + u64 count; int err; =20 guard(mutex)(&private->incoming.lock); @@ -175,7 +176,14 @@ static int luo_flb_retrieve_one(struct liveupdate_flb = *flb) if (!fh->active) return -ENODATA; =20 - for (int i =3D 0; i < fh->header_ser->count; i++) { + count =3D fh->header_ser->count; + if (count > LUO_FLB_MAX) { + pr_err("Invalid FLB count: %llu\n", + (unsigned long long)count); + return -EINVAL; + } + + for (u64 i =3D 0; i < count; i++) { if (!strcmp(fh->ser[i].name, flb->compatible)) { private->incoming.data =3D fh->ser[i].data; private->incoming.count =3D fh->ser[i].count; @@ -620,7 +628,20 @@ int __init luo_flb_setup_incoming(void *fdt_in) } =20 header_ser_pa =3D get_unaligned((u64 *)ptr); + if (!kho_is_preserved(header_ser_pa, LUO_FLB_PGCNT)) { + pr_err("FLB header is not KHO preserved: %#llx\n", + (unsigned long long)header_ser_pa); + return -EINVAL; + } + header_ser =3D phys_to_virt(header_ser_pa); + if (header_ser->pgcnt !=3D LUO_FLB_PGCNT || + header_ser->count > LUO_FLB_MAX) { + pr_err("Invalid FLB header: pgcnt %llu count %llu\n", + (unsigned long long)header_ser->pgcnt, + (unsigned long long)header_ser->count); + return -EINVAL; + } =20 luo_flb_global.incoming.header_ser =3D header_ser; luo_flb_global.incoming.ser =3D (void *)(header_ser + 1); --=20 2.53.0
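Review bot: in the luo_flb_retrieve_one() hunk the loop is now bounded by LUO_FLB_MAX, but `strcmp(fh->ser[i].name, flb->compatible)` still treats the restored name as a C string with no visible check that it is NUL-terminated inside its field. Since the series treats this header as untrusted, bound the comparison to the size of the name field (or verify the terminator with strnlen() first) so a corrupted entry cannot make the compare read past the entry.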