Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217369/?format=api
{ "id": 2217369, "url": "http://patchwork.ozlabs.org/api/patches/2217369/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260328074013.3589544-4-ruanjinjie@huawei.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/", "list_archive_url_format": "https://lore.kernel.org/linuxppc-dev/{}/", "commit_url_format": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}" }, "msgid": "<20260328074013.3589544-4-ruanjinjie@huawei.com>", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/20260328074013.3589544-4-ruanjinjie@huawei.com/", "date": "2026-03-28T07:40:05", "name": "[v11,03/11] x86/kexec: Fix potential buffer overflow in prepare_elf_headers()", "commit_ref": null, "pull_url": null, "state": "handled-elsewhere", "archived": false, "hash": "d2a3ead6c10ed8fc30d52fc2aa79ece94f4ce9c3", "submitter": { "id": 84791, "url": "http://patchwork.ozlabs.org/api/people/84791/?format=api", "name": "Jinjie Ruan", "email": "ruanjinjie@huawei.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260328074013.3589544-4-ruanjinjie@huawei.com/mbox/", "series": [ { "id": 497856, "url": "http://patchwork.ozlabs.org/api/series/497856/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=497856", "date": "2026-03-28T07:40:03", "name": "arm64/riscv: Add support for crashkernel CMA reservation", "version": 11, "mbox": "http://patchwork.ozlabs.org/series/497856/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217369/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217369/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linuxppc-dev+bounces-18952-incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=PCikQ7pI;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=112.213.38.117; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-18952-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)", "lists.ozlabs.org;\n arc=none smtp.remote-ip=113.46.200.222", "lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com", "lists.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=PCikQ7pI;\n\tdkim-atps=neutral", "lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=huawei.com\n (client-ip=113.46.200.222; helo=canpmsgout07.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com; receiver=lists.ozlabs.org)" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fjTwv0VXSz1xy1\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 18:41:51 +1100 (AEDT)", "from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4fjTwT4xhPz2yrD;\n\tSat, 28 Mar 2026 18:41:29 +1100 (AEDT)", "from canpmsgout07.his.huawei.com (canpmsgout07.his.huawei.com\n [113.46.200.222])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4fjTwS50b1z2ypm\n\tfor <linuxppc-dev@lists.ozlabs.org>; Sat, 28 Mar 2026 18:41:28 +1100 (AEDT)", "from mail.maildlp.com (unknown [172.19.163.214])\n\tby canpmsgout07.his.huawei.com (SkyGuard) with ESMTPS id 4fjTnL4BJGzLlsZ;\n\tSat, 28 Mar 2026 15:35:18 +0800 (CST)", "from dggpemf500011.china.huawei.com (unknown [7.185.36.131])\n\tby mail.maildlp.com (Postfix) with ESMTPS id 1B7C44056C;\n\tSat, 28 Mar 2026 15:41:25 +0800 (CST)", "from huawei.com (10.90.53.73) by dggpemf500011.china.huawei.com\n (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Sat, 28 Mar\n 2026 15:41:22 +0800" ], "ARC-Seal": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1774683689;\n\tcv=none;\n b=Y5oGqnRNUzVqDpw3lDfM25sTKGX8Zv5R23J5/6hdGiLwKW0zjpKfeGM6E1w9J3JN8J3kDPFGxky8JcJa2al7q70SbQA3+ITAJIHPiCXuVKKbIVVFT+195UjGO0HFEfycaylWDxdT7sSTnmxBRxsbv1oxXv9lCaA1yZsEAoSZjVrsN+qKqjQLdu1H/VncuiYbB4cK3LD6+vqL4Wwx3d/MKwPaW2GB5FtQ1iY7UKDTciuxv/T7PAQNzlj5a9FvRiZBF2x9IvKymQdgYf3I6iKCDqsvpkYhUrNsYbCgYF0VEzHMEhvKxYxJbZDSSITezEC5FEtbtzpasDMKWda253gkFQ==", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1774683689; c=relaxed/relaxed;\n\tbh=7Ej/nGP6D4OZlN2NP0wOiKbhFa+CLfU7f01IuTLoNYc=;\n\th=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=VlfsPUl4X09AhW07y5gi1nVyhTD5xTuNa7+tNKeY4ansRTYgjOi8OUD91HdtNIS1X5bSPi8WqlDS8k25z9YbmW6koy5u1QdfrEqrhfXVlbVFVw9skQBxdsuy7aKXu622IXPrkWDcAOhxvc9Z+ZdsQfYwkgSRJSxxX42BLWJJlRBUBsJdJ7YVz6762TYK4v2/lwmpJ2HwnupQbjQ1friiJ6MKe7+Bp1gsYGK80AVmHsdqKMF4s7vgo9GjCIE9H5FIqVgdA3t1eugvht/8bh2pSn0PoF18ghbJCBlaXJmQPowOyMV3KYu3x44Sr1jtln+Miwt9CX1RqF21VQVNjBq+iA==", "ARC-Authentication-Results": "i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com;\n dkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=PCikQ7pI; dkim-atps=neutral;\n spf=pass (client-ip=113.46.200.222; helo=canpmsgout07.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=huawei.com", "dkim-signature": "v=1; a=rsa-sha256; d=huawei.com; s=dkim;\n\tc=relaxed/relaxed; q=dns/txt;\n\th=From;\n\tbh=7Ej/nGP6D4OZlN2NP0wOiKbhFa+CLfU7f01IuTLoNYc=;\n\tb=PCikQ7pIzeaKrzAs1XH/O8ZmZYPB9pV0fBIUYs2VLOstWE8QiBMRuVM3CIvEXipATIGW3TQ8X\n\tgcrx6UYl2RFLLYRjDgwBg3lAQFmP1VJZr1v/vi26ia8fHvOPtkTiccABS/ORh8k+igGZUfzsNYX\n\t1sRHQpEli+zR1tX+CITCvDo=", "From": "Jinjie Ruan <ruanjinjie@huawei.com>", "To": "<corbet@lwn.net>, <skhan@linuxfoundation.org>, <catalin.marinas@arm.com>,\n\t<will@kernel.org>, <chenhuacai@kernel.org>, <kernel@xen0n.name>,\n\t<maddy@linux.ibm.com>, <mpe@ellerman.id.au>, <npiggin@gmail.com>,\n\t<chleroy@kernel.org>, <pjw@kernel.org>, <palmer@dabbelt.com>,\n\t<aou@eecs.berkeley.edu>, <alex@ghiti.fr>, <tglx@kernel.org>,\n\t<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,\n\t<hpa@zytor.com>, <robh@kernel.org>, <saravanak@kernel.org>,\n\t<akpm@linux-foundation.org>, <bhe@redhat.com>, <vgoyal@redhat.com>,\n\t<dyoung@redhat.com>, <rdunlap@infradead.org>, <peterz@infradead.org>,\n\t<feng.tang@linux.alibaba.com>, <pawan.kumar.gupta@linux.intel.com>,\n\t<dapeng1.mi@linux.intel.com>, <kees@kernel.org>, <elver@google.com>,\n\t<paulmck@kernel.org>, <lirongqing@baidu.com>, <rppt@kernel.org>,\n\t<leitao@debian.org>, <ardb@kernel.org>, <cfsworks@gmail.com>,\n\t<osandov@fb.com>, <jbohac@suse.cz>, <tangyouling@kylinos.cn>,\n\t<sourabhjain@linux.ibm.com>, <ritesh.list@gmail.com>,\n\t<eajames@linux.ibm.com>, <songshuaishuai@tinylab.org>,\n\t<kevin.brodsky@arm.com>, <vishal.moola@gmail.com>,\n\t<junhui.liu@pigmoral.tech>, <coxu@redhat.com>, <fuqiang.wang@easystack.cn>,\n\t<liaoyuanhong@vivo.com>, <guoren@kernel.org>, <chenjiahao16@huawei.com>,\n\t<hbathini@linux.ibm.com>, <takahiro.akashi@linaro.org>,\n\t<james.morse@arm.com>, <lizhengyu3@huawei.com>, <x86@kernel.org>,\n\t<linux-doc@vger.kernel.org>, <linux-kernel@vger.kernel.org>,\n\t<linux-arm-kernel@lists.infradead.org>, <loongarch@lists.linux.dev>,\n\t<linuxppc-dev@lists.ozlabs.org>, <linux-riscv@lists.infradead.org>,\n\t<devicetree@vger.kernel.org>, <kexec@lists.infradead.org>", "CC": "<ruanjinjie@huawei.com>", "Subject": "[PATCH v11 03/11] x86/kexec: Fix potential buffer overflow in\n prepare_elf_headers()", "Date": "Sat, 28 Mar 2026 15:40:05 +0800", "Message-ID": "<20260328074013.3589544-4-ruanjinjie@huawei.com>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20260328074013.3589544-1-ruanjinjie@huawei.com>", "References": "<20260328074013.3589544-1-ruanjinjie@huawei.com>", "X-Mailing-List": "linuxppc-dev@lists.ozlabs.org", "List-Id": "<linuxppc-dev.lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev+help@lists.ozlabs.org>", "List-Owner": "<mailto:linuxppc-dev+owner@lists.ozlabs.org>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Archive": "<https://lore.kernel.org/linuxppc-dev/>,\n <https://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Subscribe": "<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>", "List-Unsubscribe": "<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>", "Precedence": "list", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Originating-IP": "[10.90.53.73]", "X-ClientProxiedBy": "kwepems100001.china.huawei.com (7.221.188.238) To\n dggpemf500011.china.huawei.com (7.185.36.131)", "X-Spam-Status": "No, score=-0.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1 OzLabs 8", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org" }, "content": "There is a race condition between the kexec_load() system call\n(crash kernel loading path) and memory hotplug operations that can lead\nto buffer overflow and potential kernel crash.\n\nDuring prepare_elf_headers(), the following steps occur:\n1. get_nr_ram_ranges_callback() queries current System RAM memory ranges\n2. Allocates buffer based on queried count\n3. prepare_elf64_ram_headers_callback() populates ranges from memblock\n\nIf memory hotplug occurs between step 1 and step 3, the number of ranges\ncan increase, causing out-of-bounds write when populating cmem->ranges[].\n\nThis happens because kexec_load() uses kexec_trylock (atomic_t) while\nmemory hotplug uses device_hotplug_lock (mutex), so they don't serialize\nwith each other.\n\nJust add bounds checking in prepare_elf64_ram_headers_callback() to\nprevent out-of-bounds (OOB) access,\n\nFixes: 8d5f894a3108 (\"x86: kexec_file: lift CRASH_MAX_RANGES limit on crash_mem buffer\")\nSigned-off-by: Jinjie Ruan <ruanjinjie@huawei.com>\n---\n arch/x86/kernel/crash.c | 3 +++\n 1 file changed, 3 insertions(+)", "diff": "diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c\nindex 335fd2ee9766..7fa6d45ebe3f 100644\n--- a/arch/x86/kernel/crash.c\n+++ b/arch/x86/kernel/crash.c\n@@ -225,6 +225,9 @@ static int prepare_elf64_ram_headers_callback(struct resource *res, void *arg)\n {\n \tstruct crash_mem *cmem = arg;\n \n+\tif (cmem->nr_ranges >= cmem->max_nr_ranges)\n+\t\treturn -ENOMEM;\n+\n \tcmem->ranges[cmem->nr_ranges].start = res->start;\n \tcmem->ranges[cmem->nr_ranges].end = res->end;\n \tcmem->nr_ranges++;\n", "prefixes": [ "v11", "03/11" ] }