Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2218957/?format=api
{ "id": 2218957, "url": "http://patchwork.ozlabs.org/api/patches/2218957/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260402072701.628293-4-ruanjinjie@huawei.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/", "list_archive_url_format": "https://lore.kernel.org/linuxppc-dev/{}/", "commit_url_format": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}" }, "msgid": "<20260402072701.628293-4-ruanjinjie@huawei.com>", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/20260402072701.628293-4-ruanjinjie@huawei.com/", "date": "2026-04-02T07:26:49", "name": "[v12,03/15] x86/kexec: Fix potential buffer overflow in prepare_elf_headers()", "commit_ref": null, "pull_url": null, "state": "handled-elsewhere", "archived": false, "hash": "d2a3ead6c10ed8fc30d52fc2aa79ece94f4ce9c3", "submitter": { "id": 84791, "url": "http://patchwork.ozlabs.org/api/people/84791/?format=api", "name": "Jinjie Ruan", "email": "ruanjinjie@huawei.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20260402072701.628293-4-ruanjinjie@huawei.com/mbox/", "series": [ { "id": 498443, "url": "http://patchwork.ozlabs.org/api/series/498443/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=498443", "date": "2026-04-02T07:26:46", "name": "arm64/riscv: Add support for crashkernel CMA reservation", "version": 12, "mbox": "http://patchwork.ozlabs.org/series/498443/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2218957/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2218957/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linuxppc-dev+bounces-19194-incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=MdXZg3nC;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-19194-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)", "lists.ozlabs.org;\n arc=none smtp.remote-ip=113.46.200.217", "lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com", "lists.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=MdXZg3nC;\n\tdkim-atps=neutral", "lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=huawei.com\n (client-ip=113.46.200.217; helo=canpmsgout02.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com; receiver=lists.ozlabs.org)" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmYLY5JSVz1yCs\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 02 Apr 2026 18:26:13 +1100 (AEDT)", "from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4fmYLD6KWnz2yrQ;\n\tThu, 02 Apr 2026 18:25:56 +1100 (AEDT)", "from canpmsgout02.his.huawei.com (canpmsgout02.his.huawei.com\n [113.46.200.217])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4fmYLC6lFbz2yjw\n\tfor <linuxppc-dev@lists.ozlabs.org>; Thu, 02 Apr 2026 18:25:55 +1100 (AEDT)", "from mail.maildlp.com (unknown [172.19.162.144])\n\tby canpmsgout02.his.huawei.com (SkyGuard) with ESMTPS id 4fmYC62SFLzcb1w;\n\tThu, 2 Apr 2026 15:19:46 +0800 (CST)", "from dggpemf500011.china.huawei.com (unknown [7.185.36.131])\n\tby mail.maildlp.com (Postfix) with ESMTPS id 8FEC740538;\n\tThu, 2 Apr 2026 15:25:52 +0800 (CST)", "from huawei.com (10.90.53.73) by dggpemf500011.china.huawei.com\n (7.185.36.131) with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Thu, 2 Apr\n 2026 15:25:49 +0800" ], "ARC-Seal": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1775114756;\n\tcv=none;\n b=kngnOUFxoOuA5B+neO2CINRkibm++L80ZlBW+q6H2CPa00A0sRAdBNjvZAkHIcga3Lljl7rC2I9LZrQysonNgXFiL9sgSYGdqjHLjFCZiURs4BNW96C2grfOqVDPruZrE4ayzNE2KL3kdmUJpAgGezRR30x4VRzrxHBG4Y8yplVg6IsWEbHXsgsrl1YX/8afuPRA18S/nlhKmx+uIubNvuGrFAhQHx6d7q+lFhD8nm+h6ID8hmE6XL7rW5qubvNZrtpOQSy5H2BQ6Hqym4WeAb0SCUmgfiZZdcnpl1QBJgktcFAhGVmUZ5sceKkFqURr4EiS4QwI9zsk5AOG2ayoPA==", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1775114756; c=relaxed/relaxed;\n\tbh=SSmXef76mZyahgQK8xQz+7jtkK0jZuBKQjh1KaCElSM=;\n\th=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version:Content-Type;\n b=VN9RBRqJVTZNM+fmCYCfCU2vaaYe/pDGNfCle9EjdPvCmhwkTiX2+ZNCtm2/Gn3IcM/FhGy4edi8j0NCB3BrRlPc8rkQRRnOfjnieSst8eKSfCy9HfL9LyTOzxkbkXRk+L0ArjmbQBTkNH55foJSz9BAYb2bGcZspX7O1S/P8LvnfM4v10dgrH/vSdQZ6O3YojaIj8/zkJBIYqvnf3bdmifoLhJ7qTJNhi24BICRp7rTKN9P1bLRW0hUFGgI4xb/AznbSYlRB0bFdZgemtkTvZBUn3U2HsjfK8znQOs7mBtJGJeESS9BP6yX7k5KpSp4w1m5I/6pVfYrds3dLHpxTQ==", "ARC-Authentication-Results": "i=1; lists.ozlabs.org;\n dmarc=pass (p=quarantine dis=none) header.from=huawei.com;\n dkim=pass (1024-bit key;\n unprotected) header.d=huawei.com header.i=@huawei.com header.a=rsa-sha256\n header.s=dkim header.b=MdXZg3nC; dkim-atps=neutral;\n spf=pass (client-ip=113.46.200.217; helo=canpmsgout02.his.huawei.com;\n envelope-from=ruanjinjie@huawei.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=huawei.com", "dkim-signature": "v=1; a=rsa-sha256; d=huawei.com; s=dkim;\n\tc=relaxed/relaxed; q=dns/txt;\n\th=From;\n\tbh=SSmXef76mZyahgQK8xQz+7jtkK0jZuBKQjh1KaCElSM=;\n\tb=MdXZg3nC1tK+UpGTReyTCukvwBVnnc9HKJ89tzqQOrHJO9d2iVdijdof1zhdnPbvkx/XqTJkl\n\tUGUfhDXW1ZDbf/AuXSR23T5KKaDsLjPiPjYWJz/xbjq2adxLj+2Yp6XMj/bS0L9ap9mLu8a4IKk\n\tvwVjQwbOvVPzfJprINj0vZ4=", "From": "Jinjie Ruan <ruanjinjie@huawei.com>", "To": "<corbet@lwn.net>, <skhan@linuxfoundation.org>, <catalin.marinas@arm.com>,\n\t<will@kernel.org>, <chenhuacai@kernel.org>, <kernel@xen0n.name>,\n\t<maddy@linux.ibm.com>, <mpe@ellerman.id.au>, <npiggin@gmail.com>,\n\t<chleroy@kernel.org>, <pjw@kernel.org>, <palmer@dabbelt.com>,\n\t<aou@eecs.berkeley.edu>, <alex@ghiti.fr>, <tglx@kernel.org>,\n\t<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,\n\t<hpa@zytor.com>, <robh@kernel.org>, <saravanak@kernel.org>,\n\t<akpm@linux-foundation.org>, <bhe@redhat.com>, <vgoyal@redhat.com>,\n\t<dyoung@redhat.com>, <rdunlap@infradead.org>, <peterz@infradead.org>,\n\t<pawan.kumar.gupta@linux.intel.com>, <feng.tang@linux.alibaba.com>,\n\t<dapeng1.mi@linux.intel.com>, <kees@kernel.org>, <elver@google.com>,\n\t<paulmck@kernel.org>, <lirongqing@baidu.com>, <rppt@kernel.org>,\n\t<leitao@debian.org>, <ardb@kernel.org>, <jbohac@suse.cz>,\n\t<cfsworks@gmail.com>, <tangyouling@kylinos.cn>, <sourabhjain@linux.ibm.com>,\n\t<ritesh.list@gmail.com>, <hbathini@linux.ibm.com>, <eajames@linux.ibm.com>,\n\t<guoren@kernel.org>, <songshuaishuai@tinylab.org>, <kevin.brodsky@arm.com>,\n\t<vishal.moola@gmail.com>, <junhui.liu@pigmoral.tech>, <coxu@redhat.com>,\n\t<fuqiang.wang@easystack.cn>, <liaoyuanhong@vivo.com>,\n\t<takahiro.akashi@linaro.org>, <james.morse@arm.com>, <lizhengyu3@huawei.com>,\n\t<x86@kernel.org>, <linux-doc@vger.kernel.org>,\n\t<linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,\n\t<loongarch@lists.linux.dev>, <linuxppc-dev@lists.ozlabs.org>,\n\t<linux-riscv@lists.infradead.org>, <devicetree@vger.kernel.org>,\n\t<kexec@lists.infradead.org>", "CC": "<ruanjinjie@huawei.com>", "Subject": "[PATCH v12 03/15] x86/kexec: Fix potential buffer overflow in\n prepare_elf_headers()", "Date": "Thu, 2 Apr 2026 15:26:49 +0800", "Message-ID": "<20260402072701.628293-4-ruanjinjie@huawei.com>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20260402072701.628293-1-ruanjinjie@huawei.com>", "References": "<20260402072701.628293-1-ruanjinjie@huawei.com>", "X-Mailing-List": "linuxppc-dev@lists.ozlabs.org", "List-Id": "<linuxppc-dev.lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev+help@lists.ozlabs.org>", "List-Owner": "<mailto:linuxppc-dev+owner@lists.ozlabs.org>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Archive": "<https://lore.kernel.org/linuxppc-dev/>,\n <https://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Subscribe": "<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>", "List-Unsubscribe": "<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>", "Precedence": "list", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Originating-IP": "[10.90.53.73]", "X-ClientProxiedBy": "kwepems100002.china.huawei.com (7.221.188.206) To\n dggpemf500011.china.huawei.com (7.185.36.131)", "X-Spam-Status": "No, score=-0.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1 OzLabs 8", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org" }, "content": "There is a race condition between the kexec_load() system call\n(crash kernel loading path) and memory hotplug operations that can lead\nto buffer overflow and potential kernel crash.\n\nDuring prepare_elf_headers(), the following steps occur:\n1. get_nr_ram_ranges_callback() queries current System RAM memory ranges\n2. Allocates buffer based on queried count\n3. prepare_elf64_ram_headers_callback() populates ranges from memblock\n\nIf memory hotplug occurs between step 1 and step 3, the number of ranges\ncan increase, causing out-of-bounds write when populating cmem->ranges[].\n\nThis happens because kexec_load() uses kexec_trylock (atomic_t) while\nmemory hotplug uses device_hotplug_lock (mutex), so they don't serialize\nwith each other.\n\nJust add bounds checking in prepare_elf64_ram_headers_callback() to\nprevent out-of-bounds (OOB) access,\n\nCc: AKASHI Takahiro <takahiro.akashi@linaro.org>\nCc: Vivek Goyal <vgoyal@redhat.com>\nCc: Baoquan He <bhe@redhat.com>\nFixes: 8d5f894a3108 (\"x86: kexec_file: lift CRASH_MAX_RANGES limit on crash_mem buffer\")\nSigned-off-by: Jinjie Ruan <ruanjinjie@huawei.com>\n---\n arch/x86/kernel/crash.c | 3 +++\n 1 file changed, 3 insertions(+)", "diff": "diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c\nindex 335fd2ee9766..7fa6d45ebe3f 100644\n--- a/arch/x86/kernel/crash.c\n+++ b/arch/x86/kernel/crash.c\n@@ -225,6 +225,9 @@ static int prepare_elf64_ram_headers_callback(struct resource *res, void *arg)\n {\n \tstruct crash_mem *cmem = arg;\n \n+\tif (cmem->nr_ranges >= cmem->max_nr_ranges)\n+\t\treturn -ENOMEM;\n+\n \tcmem->ranges[cmem->nr_ranges].start = res->start;\n \tcmem->ranges[cmem->nr_ranges].end = res->end;\n \tcmem->nr_ranges++;\n", "prefixes": [ "v12", "03/15" ] }