Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217372/?format=api
{ "id": 2217372, "url": "http://patchwork.ozlabs.org/api/patches/2217372/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260328074013.3589544-7-ruanjinjie@huawei.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/", "list_archive_url_format": "https://lore.kernel.org/linuxppc-dev/{}/", "commit_url_format": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}" }, "msgid": "<20260328074013.3589544-7-ruanjinjie@huawei.com>", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/20260328074013.3589544-7-ruanjinjie@huawei.com/", "date": "2026-03-28T07:40:08", "name": "[v11,06/11] LoongArch: kexec: Fix potential buffer overflow in prepare_elf_headers()", "commit_ref": null, "pull_url": null, "state": "handled-elsewhere", "archived": false, "hash": "3ce215fe36cdff35d822959628d16ed714593511", "submitter": { "id": 84791, "url": "http://patchwork.ozlabs.org/api/people/84791/?format=api", "name": "Jinjie Ruan", "email": "ruanjinjie@huawei.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260328074013.3589544-7-ruanjinjie@huawei.com/mbox/", "series": [ { "id": 497856, "url": "http://patchwork.ozlabs.org/api/series/497856/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=497856", "date": "2026-03-28T07:40:03", "name": "arm64/riscv: Add support for crashkernel CMA reservation", "version": 11, "mbox": "http://patchwork.ozlabs.org/series/497856/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217372/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217372/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linuxppc-dev+bounces-18955-incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=rPlh5l6P;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=112.213.38.117; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-18955-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)", "lists.ozlabs.org;\n arc=none smtp.remote-ip=113.46.200.226", "lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com", "lists.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=rPlh5l6P;\n\tdkim-atps=neutral", "lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=huawei.com\n (client-ip=113.46.200.226; helo=canpmsgout11.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com; receiver=lists.ozlabs.org)" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fjTxJ3md2z1xy1\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 18:42:12 +1100 (AEDT)", "from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4fjTwd3lMQz2yvS;\n\tSat, 28 Mar 2026 18:41:37 +1100 (AEDT)", "from canpmsgout11.his.huawei.com (canpmsgout11.his.huawei.com\n [113.46.200.226])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4fjTwc4K4tz2ygm\n\tfor <linuxppc-dev@lists.ozlabs.org>; Sat, 28 Mar 2026 18:41:36 +1100 (AEDT)", "from mail.maildlp.com (unknown [172.19.163.214])\n\tby canpmsgout11.his.huawei.com (SkyGuard) with ESMTPS id 4fjTnS2VF4zKm6V;\n\tSat, 28 Mar 2026 15:35:24 +0800 (CST)", "from dggpemf500011.china.huawei.com (unknown [7.185.36.131])\n\tby mail.maildlp.com (Postfix) with ESMTPS id 850984056C;\n\tSat, 28 Mar 2026 15:41:33 +0800 (CST)", "from huawei.com (10.90.53.73) by dggpemf500011.china.huawei.com\n (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Sat, 28 Mar\n 2026 15:41:30 +0800" ], "ARC-Seal": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1774683697;\n\tcv=none;\n b=InZZVCG+0xom5X7axT7buaAEE37aYsfnH8cmyE90/SUFfLQAJXVs190hbIhp5uEmlwQxkAFMBggKTGfjL53jRzaZv84SyySNnAXYr5D+bq2MDyrvUdVM8MhKSSsTXy+Z8shSqWMPaAGzQcqjdkM5kAXvKh+wM8ZaRczQqtmB+94DCphkblnyB9noYWC8VXdvgn8KEXaVjkT/FYTeC0CSSLiI5xurm3BcK5swLDOHqtQMFH6FVNud+mfQ7DU8Tesd9KJ/F1CuPysS7fSYdE5fw9IdV5Fb0cIPu+pltlJY6qmcpBATUSNB1bxM8903ryiHHk2TCnUZP0HdWyI17THQpw==", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1774683697; c=relaxed/relaxed;\n\tbh=7Kwc6kWIjE6MMFJP+OfVcLTnCUv+ekJ3y6ZVFx802F8=;\n\th=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=kRJJDSetPkkL85rCymb8v/WC82HPxP2CRGHjYj3jiw+5CtKDPFJLBpLq4EBTnAtUVQZOqJjW2BA5ey1TFE3VpUc7eqb6IRC5kz3m5xwAwLcKa+jRk060A7SpNmTkLRB+Lo/q/GcByTdjcZp3yA7Dw/ITsfvXCz5XcF55qTCfP7pUVxMXST/uTR3IwfdbBiSGc1HM8HqrZsBTXUsNXzFF4CCenjuw8Pkm+NW1u78pGD6a1uS+qARi4kE/ZgHV2uLbyH/RfRdUM0BMyjw3Y4iINEx8nHjiARBqfM0iVJqhh6OY3K4bZtiUiU/+JLcoWJWOWyOxCL0opCtKVy9VLeGzUA==", "ARC-Authentication-Results": "i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com;\n dkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=rPlh5l6P; dkim-atps=neutral;\n spf=pass (client-ip=113.46.200.226; helo=canpmsgout11.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=huawei.com", "dkim-signature": "v=1; a=rsa-sha256; d=huawei.com; s=dkim;\n\tc=relaxed/relaxed; q=dns/txt;\n\th=From;\n\tbh=7Kwc6kWIjE6MMFJP+OfVcLTnCUv+ekJ3y6ZVFx802F8=;\n\tb=rPlh5l6P/r0lCaYwhte4yShjLrdwYBNU0lmIIgw5zLcvDsIThOK9DhT/uaKtGrhCHIM2m/T2E\n\tE/c7DL3vdFGbipfioCcdgsazyLS5iJjEmcOCqlzDVeWHjNYlk59gPZS+xwcmZ6tAuW17/cQDjHA\n\t1aexox4eHyMo0rEmFdCoOYA=", "From": "Jinjie Ruan <ruanjinjie@huawei.com>", "To": "<corbet@lwn.net>, <skhan@linuxfoundation.org>, <catalin.marinas@arm.com>,\n\t<will@kernel.org>, <chenhuacai@kernel.org>, <kernel@xen0n.name>,\n\t<maddy@linux.ibm.com>, <mpe@ellerman.id.au>, <npiggin@gmail.com>,\n\t<chleroy@kernel.org>, <pjw@kernel.org>, <palmer@dabbelt.com>,\n\t<aou@eecs.berkeley.edu>, <alex@ghiti.fr>, <tglx@kernel.org>,\n\t<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,\n\t<hpa@zytor.com>, <robh@kernel.org>, <saravanak@kernel.org>,\n\t<akpm@linux-foundation.org>, <bhe@redhat.com>, <vgoyal@redhat.com>,\n\t<dyoung@redhat.com>, <rdunlap@infradead.org>, <peterz@infradead.org>,\n\t<feng.tang@linux.alibaba.com>, <pawan.kumar.gupta@linux.intel.com>,\n\t<dapeng1.mi@linux.intel.com>, <kees@kernel.org>, <elver@google.com>,\n\t<paulmck@kernel.org>, <lirongqing@baidu.com>, <rppt@kernel.org>,\n\t<leitao@debian.org>, <ardb@kernel.org>, <cfsworks@gmail.com>,\n\t<osandov@fb.com>, <jbohac@suse.cz>, <tangyouling@kylinos.cn>,\n\t<sourabhjain@linux.ibm.com>, <ritesh.list@gmail.com>,\n\t<eajames@linux.ibm.com>, <songshuaishuai@tinylab.org>,\n\t<kevin.brodsky@arm.com>, <vishal.moola@gmail.com>,\n\t<junhui.liu@pigmoral.tech>, <coxu@redhat.com>, <fuqiang.wang@easystack.cn>,\n\t<liaoyuanhong@vivo.com>, <guoren@kernel.org>, <chenjiahao16@huawei.com>,\n\t<hbathini@linux.ibm.com>, <takahiro.akashi@linaro.org>,\n\t<james.morse@arm.com>, <lizhengyu3@huawei.com>, <x86@kernel.org>,\n\t<linux-doc@vger.kernel.org>, <linux-kernel@vger.kernel.org>,\n\t<linux-arm-kernel@lists.infradead.org>, <loongarch@lists.linux.dev>,\n\t<linuxppc-dev@lists.ozlabs.org>, <linux-riscv@lists.infradead.org>,\n\t<devicetree@vger.kernel.org>, <kexec@lists.infradead.org>", "CC": "<ruanjinjie@huawei.com>", "Subject": "[PATCH v11 06/11] LoongArch: kexec: Fix potential buffer overflow in\n prepare_elf_headers()", "Date": "Sat, 28 Mar 2026 15:40:08 +0800", "Message-ID": "<20260328074013.3589544-7-ruanjinjie@huawei.com>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20260328074013.3589544-1-ruanjinjie@huawei.com>", "References": "<20260328074013.3589544-1-ruanjinjie@huawei.com>", "X-Mailing-List": "linuxppc-dev@lists.ozlabs.org", "List-Id": "<linuxppc-dev.lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev+help@lists.ozlabs.org>", "List-Owner": "<mailto:linuxppc-dev+owner@lists.ozlabs.org>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Archive": "<https://lore.kernel.org/linuxppc-dev/>,\n <https://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Subscribe": "<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>", "List-Unsubscribe": "<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>", "Precedence": "list", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Originating-IP": "[10.90.53.73]", "X-ClientProxiedBy": "kwepems100001.china.huawei.com (7.221.188.238) To\n dggpemf500011.china.huawei.com (7.185.36.131)", "X-Spam-Status": "No, score=-0.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1 OzLabs 8", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org" }, "content": "There is a race condition between the kexec_load() system call\n(crash kernel loading path) and memory hotplug operations that can lead\nto buffer overflow and potential kernel crash.\n\nDuring prepare_elf_headers(), the following steps occur:\n1. The first for_each_mem_range() queries current System RAM memory ranges\n2. Allocates buffer based on queried count\n3. The 2st for_each_mem_range() populates ranges from memblock\n\nIf memory hotplug occurs between step 1 and step 3, the number of ranges\ncan increase, causing out-of-bounds write when populating cmem->ranges[].\n\nThis happens because kexec_load() uses kexec_trylock (atomic_t) while\nmemory hotplug uses device_hotplug_lock (mutex), so they don't serialize\nwith each other.\n\nJust add bounds checking to prevent out-of-bounds access.\n\nFixes: 1bcca8620a91 (\"LoongArch: Add crash dump support for kexec_file\")\nSigned-off-by: Jinjie Ruan <ruanjinjie@huawei.com>\n---\n arch/loongarch/kernel/machine_kexec_file.c | 5 +++++\n 1 file changed, 5 insertions(+)", "diff": "diff --git a/arch/loongarch/kernel/machine_kexec_file.c b/arch/loongarch/kernel/machine_kexec_file.c\nindex 5584b798ba46..167392c1da33 100644\n--- a/arch/loongarch/kernel/machine_kexec_file.c\n+++ b/arch/loongarch/kernel/machine_kexec_file.c\n@@ -75,6 +75,11 @@ static int prepare_elf_headers(void **addr, unsigned long *sz)\n \tcmem->max_nr_ranges = nr_ranges;\n \tcmem->nr_ranges = 0;\n \tfor_each_mem_range(i, &start, &end) {\n+\t\tif (cmem->nr_ranges >= cmem->max_nr_ranges) {\n+\t\t\tret = -ENOMEM;\n+\t\t\tgoto out;\n+\t\t}\n+\n \t\tcmem->ranges[cmem->nr_ranges].start = start;\n \t\tcmem->ranges[cmem->nr_ranges].end = end - 1;\n \t\tcmem->nr_ranges++;\n", "prefixes": [ "v11", "06/11" ] }