From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 1/5] kexec: handover: add helper to check preserved page ranges
Date: Sat, 2 May 2026 01:30:49 +0800
Message-ID: <20260501173053.73116-2-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501173053.73116-1-crisjacobmaamor@gmail.com>
References: <20260501094637.38650-1-crisjacobmaamor@gmail.com> <20260501173053.73116-1-crisjacobmaamor@gmail.com>

Restore code should not use phys_to_virt() on physical addresses from restored metadata until it verifies that the range was preserved by KHO.

Add kho_is_preserved() so callers can check a preserved page range without restoring, freeing, or taking ownership of the pages.

Signed-off-by: Cris Jacob Maamor
---
 include/linux/kexec_handover.h     |  6 +++++
 kernel/liveupdate/kexec_handover.c | 35 ++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/include/linux/kexec_handover.h b/include/linux/kexec_handover.h index 8968c56d2d73..fb09943ab232 100644 --- a/include/linux/kexec_handover.h +++ b/include/linux/kexec_handover.h
@@ -19,6 +19,7 @@ struct page; #ifdef CONFIG_KEXEC_HANDOVER bool kho_is_enabled(void); bool is_kho_boot(void); +bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pages); =20 int kho_preserve_folio(struct folio *folio); void kho_unpreserve_folio(struct folio *folio); @@ -51,6 +52,11 @@ static inline bool is_kho_boot(void) return false; } =20 +static inline bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pag= es) +{ + return false; +} + static inline int kho_preserve_folio(struct folio *folio) { return -EOPNOTSUPP; diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_h= andover.c index 94762de1fe5f..fe9f11190705 100644 --- a/kernel/liveupdate/kexec_handover.c +++ b/kernel/liveupdate/kexec_handover.c @@ -10,6 +10,7 @@ =20 #define pr_fmt(fmt) "KHO: " fmt =20 +#include #include #include #include 
@@ -429,6 +430,40 @@ static struct page *kho_restore_page(phys_addr_t phys,= bool is_folio) return page; } =20 +/** + * kho_is_preserved - Verify that a physical page range belongs to KHO. + * @phys: physical address of the first page in the range. + * @nr_pages: number of pages that the caller expects to access. + * + * Use this before phys_to_virt() when a physical address comes from resto= red + * metadata. It checks that @phys starts a KHO-preserved allocation large + * enough to cover @nr_pages. + * + * This only checks the KHO marker. It does not restore, free, or take + * ownership of the pages. + * + * Return: true if @phys starts a preserved KHO allocation large enough to= cover + * @nr_pages, false otherwise. + */ +bool kho_is_preserved(phys_addr_t phys, unsigned long nr_pages) +{ + struct page *page; + union kho_page_info info; + + if (!nr_pages || !IS_ALIGNED(phys, PAGE_SIZE)) + return false; + + page =3D pfn_to_online_page(PHYS_PFN(phys)); + if (!page) + return false; + + info.page_private =3D page->private; + if (info.magic !=3D KHO_PAGE_MAGIC || info.order >=3D BITS_PER_LONG) + return false; + + return nr_pages <=3D BIT(info.order); +} + /** * kho_restore_folio - recreates the folio from the preserved memory. * @phys: physical address of the folio. 
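
Review bot: In kho_is_preserved(), the only evidence of preservation is that `page->private` of the first page carries KHO_PAGE_MAGIC, and that field is free for reuse by whoever owns the page once it is no longer held by KHO. The kerneldoc should state the window in which the result is meaningful (before the range is restored or handed to the allocator), so a later caller does not act on a stale or coincidental match. Also, `info.order >= BITS_PER_LONG` only keeps BIT() well defined; comparing against the largest order KHO can actually preserve would reject a corrupted marker earlier.
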
-- 
2.53.0

From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 2/5] liveupdate: validate LUO FDT physical address before mapping
Date: Sat, 2 May 2026 01:30:50 +0800
Message-ID: <20260501173053.73116-3-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501173053.73116-1-crisjacobmaamor@gmail.com>
References: <20260501094637.38650-1-crisjacobmaamor@gmail.com> <20260501173053.73116-1-crisjacobmaamor@gmail.com>

LUO gets the restored FDT address from KHO and maps it with phys_to_virt().

Check the FDT size and make sure the address range is KHO-preserved before mapping it. Reject empty or oversized FDT metadata.

Signed-off-by: Cris Jacob Maamor
---
 kernel/liveupdate/luo_core.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kernel/liveupdate/luo_core.c b/kernel/liveupdate/luo_core.c index 803f51c84275..633a16434164 100644 --- a/kernel/liveupdate/luo_core.c +++ b/kernel/liveupdate/luo_core.c @@ -82,6 +82,7 @@ early_param("liveupdate", early_liveupdate_param); =20 static int __init luo_early_startup(void) { + size_t fdt_size; phys_addr_t fdt_phys; int err, ln_size; const void *ptr; 
@@ -94,7 +95,8 @@ static int __init luo_early_startup(void) } =20 /* Retrieve LUO subtree, and verify its format. */ - err =3D kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys, NULL); + err =3D kho_retrieve_subtree(LUO_FDT_KHO_ENTRY_NAME, &fdt_phys, + &fdt_size); if (err) { if (err !=3D -ENOENT) { pr_err("failed to retrieve FDT '%s' from KHO: %pe\n", 
@@ -105,6 +107,12 @@ static int __init luo_early_startup(void) return 0; } =20 + if (!fdt_size || fdt_size > LUO_FDT_SIZE || + !kho_is_preserved(fdt_phys, DIV_ROUND_UP(fdt_size, PAGE_SIZE))) { + pr_err("Invalid LUO FDT from KHO\n"); + return -EINVAL; + } + luo_global.fdt_in =3D phys_to_virt(fdt_phys); err =3D fdt_node_check_compatible(luo_global.fdt_in, 0, LUO_FDT_COMPATIBLE); 
-- 
2.53.0
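
Review bot: In luo_early_startup(), the bound applied before phys_to_virt() is the size KHO reports for the subtree, but the libfdt calls that follow walk the blob by the totalsize stored in its own header. Compare fdt_totalsize(luo_global.fdt_in) against fdt_size right after mapping and before fdt_node_check_compatible(), so a header that claims more than the validated range is rejected. The pr_err() would also be easier to act on if it printed fdt_phys and fdt_size.
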

From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 3/5] liveupdate: validate restored LUO session metadata
Date: Sat, 2 May 2026 01:30:51 +0800
Message-ID: <20260501173053.73116-4-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501173053.73116-1-crisjacobmaamor@gmail.com>
References: <20260501094637.38650-1-crisjacobmaamor@gmail.com> <20260501173053.73116-1-crisjacobmaamor@gmail.com>

The restored FDT contains the physical address of the LUO session header, which LUO maps before reading session metadata. Check that physical range against KHO-preserved memory before calling phys_to_virt(), and abort the restore if the physical range is not covered.

The session header has a count that controls how far LUO walks the serialized session array. Check that count against LUO_SESSION_MAX before deserialization, and abort the restore if the value is out of range.

Signed-off-by: Cris Jacob Maamor
---
 kernel/liveupdate/luo_session.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_sessio= n.c index a3327a28fc1f..0244c071936d 100644 --- a/kernel/liveupdate/luo_session.c +++ b/kernel/liveupdate/luo_session.c 
@@ -501,7 +501,18 @@ int __init luo_session_setup_incoming(void *fdt_in) } =20 header_ser_pa =3D get_unaligned((u64 *)ptr); + if (!kho_is_preserved(header_ser_pa, LUO_SESSION_PGCNT)) { + pr_err("Session header is not KHO preserved: %#llx\n", + (unsigned long long)header_ser_pa); + return -EINVAL; + } + header_ser =3D phys_to_virt(header_ser_pa); + if (header_ser->count > LUO_SESSION_MAX) { + pr_err("Invalid session count: %llu\n", + (unsigned long long)header_ser->count); + return -EINVAL; + } =20 luo_session_global.incoming.header_ser =3D header_ser; luo_session_global.incoming.ser =3D (void *)(header_ser + 1); @@ -515,6 +526,7 @@ int luo_session_deserialize(void) struct luo_session_header *sh =3D &luo_session_global.incoming; static bool is_deserialized; static int err; + u64 count; =20 /* If has been deserialized, always return the same error code */ if (is_deserialized) @@ -524,6 +536,13 @@ int luo_session_deserialize(void) if (!sh->active) return 0; =20 + count =3D sh->header_ser->count; + if (count > LUO_SESSION_MAX) { + pr_err("Invalid session count: %llu\n", + (unsigned long long)count); + return -EINVAL; + } + /* * Note on error handling: * @@ -539,7 +558,7 @@ int luo_session_deserialize(void) * userspace to detect the failure and trigger a reboot, which will * reliably reset devices and reclaim memory. */ - for (int i =3D 0; i < sh->header_ser->count; i++) { + for (u64 i =3D 0; i < count; i++) { struct luo_session *session; =20 session =3D luo_session_alloc(sh->ser[i].name); 
@@ -606,4 +625,3 @@ int luo_session_serialize(void) =20 return err; } - 
-- 
2.53.0
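
Review bot: In luo_session_deserialize(), the new `return -EINVAL` for an oversized count does not store the error in the static `err`, while the comment just above says repeated calls always return the same error code. If `is_deserialized` is already set when this check runs, a second call would return the old value of `err` instead of -EINVAL; assign `err = -EINVAL` before returning. The trailing blank-line removal at the end of luo_session_serialize() is unrelated to the validation and is better dropped from this patch.
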

From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 4/5] liveupdate: validate restored LUO file set metadata
Date: Sat, 2 May 2026 01:30:52 +0800
Message-ID: <20260501173053.73116-5-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501173053.73116-1-crisjacobmaamor@gmail.com>
References: <20260501094637.38650-1-crisjacobmaamor@gmail.com> <20260501173053.73116-1-crisjacobmaamor@gmail.com>

The restored session metadata provides the LUO file set address and count. LUO maps that address with phys_to_virt() and uses the restored count to walk the serialized file array.

Reject invalid empty file set metadata, reject counts above LUO_FILE_MAX, and check that the physical range is KHO-preserved before mapping it.

Signed-off-by: Cris Jacob Maamor
---
 kernel/liveupdate/luo_file.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c index a0a419085e28..cde43d822f8f 100644 --- a/kernel/liveupdate/luo_file.c +++ b/kernel/liveupdate/luo_file.c 
@@ -783,11 +783,21 @@ int luo_file_deserialize(struct luo_file_set *file_se= t, struct luo_file_ser *file_ser; u64 i; =20 - if (!file_set_ser->files) { - WARN_ON(file_set_ser->count); + if (!file_set_ser->count) { + if (file_set_ser->files) + return -EINVAL; return 0; } =20 + if (file_set_ser->count > LUO_FILE_MAX) + return -EINVAL; + + if (!file_set_ser->files) + return -EINVAL; + + if (!kho_is_preserved(file_set_ser->files, LUO_FILE_PGCNT)) + return -EINVAL; + file_set->count =3D file_set_ser->count; file_set->files =3D phys_to_virt(file_set_ser->files); =20 
-- 
2.53.0
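
Review bot: In luo_file_deserialize(), a file set with `count == 0` and a non-zero `files` address is now rejected with -EINVAL, whereas the removed code only returned early when `files` was zero and let that combination through. Please confirm the serialize side can never emit it, otherwise restores that worked before will fail. The four new -EINVAL paths are also silent now that the WARN_ON() is gone; a pr_err() naming the failed check, as the session and FLB patches do, would make a rejected restore diagnosable.
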

From: Cris Jacob Maamor
To: Mike Rapoport, Pasha Tatashin, Pratyush Yadav
Cc: Alexander Graf, Andrew Morton, Greg Kroah-Hartman, kexec@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 5/5] liveupdate: validate restored LUO FLB metadata
Date: Sat, 2 May 2026 01:30:53 +0800
Message-ID: <20260501173053.73116-6-crisjacobmaamor@gmail.com>
In-Reply-To: <20260501173053.73116-1-crisjacobmaamor@gmail.com>
References: <20260501094637.38650-1-crisjacobmaamor@gmail.com> <20260501173053.73116-1-crisjacobmaamor@gmail.com>

The restored FDT contains the physical address of the LUO FLB header, which LUO maps before using the restored FLB metadata.

Check that the FLB header range is KHO-preserved before calling phys_to_virt(). Reject invalid page counts and counts above LUO_FLB_MAX before walking the restored FLB array.

Signed-off-by: Cris Jacob Maamor
---
 kernel/liveupdate/luo_flb.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/kernel/liveupdate/luo_flb.c b/kernel/liveupdate/luo_flb.c index 00f5494812c4..e80032669cea 100644 --- a/kernel/liveupdate/luo_flb.c +++ b/kernel/liveupdate/luo_flb.c @@ -162,6 +162,7 @@ static int luo_flb_retrieve_one(struct liveupdate_flb *= flb) struct luo_flb_header *fh =3D &luo_flb_global.incoming; struct liveupdate_flb_op_args args =3D {0}; bool found =3D false; + u64 count; int err; =20 guard(mutex)(&private->incoming.lock); 
@@ -175,7 +176,14 @@ static int luo_flb_retrieve_one(struct liveupdate_flb = *flb) if (!fh->active) return -ENODATA; =20 - for (int i =3D 0; i < fh->header_ser->count; i++) { + count =3D fh->header_ser->count; + if (count > LUO_FLB_MAX) { + pr_err("Invalid FLB count: %llu\n", + (unsigned long long)count); + return -EINVAL; + } + + for (u64 i =3D 0; i < count; i++) { if (!strcmp(fh->ser[i].name, flb->compatible)) { private->incoming.data =3D fh->ser[i].data; private->incoming.count =3D fh->ser[i].count; @@ -620,7 +628,20 @@ int __init luo_flb_setup_incoming(void *fdt_in) } =20 header_ser_pa =3D get_unaligned((u64 *)ptr); + if (!kho_is_preserved(header_ser_pa, LUO_FLB_PGCNT)) { + pr_err("FLB header is not KHO preserved: %#llx\n", + (unsigned long long)header_ser_pa); + return -EINVAL; + } + header_ser =3D phys_to_virt(header_ser_pa); + if (header_ser->pgcnt !=3D LUO_FLB_PGCNT || + header_ser->count > LUO_FLB_MAX) { + pr_err("Invalid FLB header: pgcnt %llu count %llu\n", + (unsigned long long)header_ser->pgcnt, + (unsigned long long)header_ser->count); + return -EINVAL; + } =20 luo_flb_global.incoming.header_ser =3D header_ser; luo_flb_global.incoming.ser =3D (void *)(header_ser + 1); --=20 2.53.0
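
Review bot: In luo_flb_retrieve_one(), the loop is now bounded by LUO_FLB_MAX, but `strcmp(fh->ser[i].name, flb->compatible)` still trusts that each restored name is NUL-terminated. Since the entries come from the same restored metadata this series treats as untrusted, bound the comparison by the size of the name field or verify termination once in luo_flb_setup_incoming().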