Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2026-03-13T16:20:27+00:00 2026-03-13T16:20:27+00:00 Harshit Mogalapalli harshit.m.mogalapalli@oracle.com 2025-12-31T06:16:08+00:00 urn:sha1:51a31c0bc2821880f938e98d5215d501ea205460 [ Upstream commit 4d02233235ed0450de9c10fcdcf3484e3c9401ce ] Refactor the OF/DT ima_get_kexec_buffer() to use a generic helper to validate the address range. No functional change intended. Link: https://lkml.kernel.org/r/20251231061609.907170-3-harshit.m.mogalapalli@oracle.com Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Cc: Alexander Graf <graf@amazon.com> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Baoquan He <bhe@redhat.com> Cc: Borislav Betkov <bp@alien8.de> Cc: guoweikang <guoweikang.kernel@gmail.com> Cc: Henry Willard <henry.willard@oracle.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jiri Bohac <jbohac@suse.cz> Cc: Joel Granados <joel.granados@kernel.org> Cc: Jonathan McDowell <noodles@fb.com> Cc: Mike Rapoport <rppt@kernel.org> Cc: Paul Webb <paul.x.webb@oracle.com> Cc: Sohil Mehta <sohil.mehta@intel.com> Cc: Sourabh Jain <sourabhjain@linux.ibm.com> Cc: Thomas Gleinxer <tglx@linutronix.de> Cc: Yifei Liu <yifei.l.liu@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-12-05T13:01:32+00:00 Usama Arif usamaarif642@gmail.com 2024-10-23T17:14:26+00:00 urn:sha1:b5f599af75a50aa80d82f772d65889050375ab32 [ Upstream commit b2473a359763e27567993e7d8f37de82f57a0829 ] __pa() is only intended to be used for linear map addresses and using it for initial_boot_params which is in fixmap for arm64 will give an incorrect value. Hence save the physical address when it is known at boot time when calling early_init_dt_scan for arm64 and use it at kexec time instead of converting the virtual address using __pa(). Note that arm64 doesn't need the FDT region reserved in the DT as the kernel explicitly reserves the passed in FDT. Therefore, only a debug warning is fixed with this change. Reported-by: Breno Leitao <leitao@debian.org> Suggested-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Usama Arif <usamaarif642@gmail.com> Fixes: ac10be5cdbfa ("arm64: Use common of_kexec_alloc_and_setup_fdt()") Link: https://lore.kernel.org/r/20241023171426.452688-1-usamaarif642@gmail.com Signed-off-by: Rob Herring (Arm) <robh@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-02-24T01:48:23+00:00 Baoquan He bhe@redhat.com 2024-01-24T05:12:47+00:00 urn:sha1:40254101d87870b2e5ac3ddc28af40aa04c48486 Now crash codes under kernel/ folder has been split out from kexec code, crash dumping can be separated from kexec reboot in config items on arm64 with some adjustments. Here wrap up crash dumping codes with CONFIG_CRASH_DUMP ifdeffery. [bhe@redhat.com: fix building error in generic codes] Link: https://lkml.kernel.org/r/20240129135033.157195-2-bhe@redhat.com Link: https://lkml.kernel.org/r/20240124051254.67105-8-bhe@redhat.com Signed-off-by: Baoquan He <bhe@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Hari Bathini <hbathini@linux.ibm.com> Cc: Pingfan Liu <piliu@redhat.com> Cc: Klara Modin <klarasmodin@gmail.com> Cc: Michael Kelley <mhklinux@outlook.com> Cc: Nathan Chancellor <nathan@kernel.org> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> 2023-08-18T16:47:45+00:00 Rik van Riel riel@surriel.com 2023-08-17T17:57:59+00:00 urn:sha1:f0362a253606e2031f8d61c74195d4d6556e12a4 The code calling ima_free_kexec_buffer runs long after the memblock allocator has already been torn down, potentially resulting in a use after free in memblock_isolate_range. With KASAN or KFENCE, this use after free will result in a BUG from the idle task, and a subsequent kernel panic. Switch ima_free_kexec_buffer over to memblock_free_late to avoid that issue. Fixes: fee3ff99bc67 ("powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c") Cc: stable@kernel.org Signed-off-by: Rik van Riel <riel@surriel.com> Suggested-by: Mike Rappoport <rppt@kernel.org> Link: https://lore.kernel.org/r/20230817135759.0888e5ef@imladris.surriel.com Signed-off-by: Rob Herring <robh@kernel.org> 2022-12-06T20:50:36+00:00 Rob Herring robh@kernel.org 2022-11-28T20:24:39+00:00 urn:sha1:e553ad8d7957697385e81034bf76db3b2cb2cf27 "linux,initrd-start" and "linux,initrd-end" can be 32-bit values even on a 64-bit platform. Ideally, the size should be based on '#address-cells', but that has never been enforced in the kernel's FDT boot parsing code (early_init_dt_check_for_initrd()). Bootloader behavior is known to vary. For example, kexec always writes these as 64-bit. The result of incorrectly reading 32-bit values is most likely the reserved memory for the original initrd will still be reserved for the new kernel. The original arm64 equivalent of this code failed to release the initrd reserved memory in *all* cases. Use of_read_number() to mirror the early_init_dt_check_for_initrd() code. Fixes: b30be4dc733e ("of: Add a common kexec FDT setup function") Cc: stable@vger.kernel.org Reported-by: Peter Maydell <peter.maydell@linaro.org> Link: https://lore.kernel.org/r/20221128202440.1411895-1-robh@kernel.org Signed-off-by: Rob Herring <robh@kernel.org> 2022-08-05T01:08:34+00:00 Linus Torvalds torvalds@linux-foundation.org 2022-08-05T01:08:34+00:00 urn:sha1:da8d07af4b3e2e407c5dd13f08b64580931fd1a6 Pull devicetree updates from Rob Herring: "Bindings: - Add spi-peripheral-props.yaml references to various SPI device bindings - Convert qcom,pm8916-wdt, ds1307, Qualcomm BAM DMA, is31fl319x, skyworks,aat1290, Rockchip EMAC, gpio-ir-receiver, ahci-ceva, Arm CCN PMU, rda,8810pl-intc, sil,sii9022, ps2-gpio, and arm-firmware-suite bindings to DT schema format - New bindings for Arm virtual platforms display, Qualcomm IMEM memory region, Samsung S5PV210 ChipID, EM Microelectronic EM3027 RTC, and arm,cortex-a78ae - Add vendor prefixes for asrock, bytedance, hxt, ingrasys, inventec, quanta, and densitron - Add missing MSI and IOMMU properties to host-generic-pci - Remove bindings for removed EFM32 platform - Remove old chosen.txt binding (replaced by schema) - Treewide add missing type information for properties - Treewide fixing of typos and its vs. it's in bindings. Its all good now. - Drop unnecessary quoting in power related schemas - Several LED binding updates which didn't get picked up - Move various bindings to proper directories DT core code: - Convert unittest GPIO related tests to use fwnode - Check ima-kexec-buffer against memory bounds - Print reserved-memory allocation/reservation failures as errors - Cleanup early_init_dt_reserve_memory_arch() - Simplify of_overlay_fdt_apply() tail" * tag 'devicetree-for-6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (65 commits) dt-bindings: mtd: microchip,mchp48l640: use spi-peripheral-props.yaml dt-bindings: power: supply: drop quotes when not needed dt-bindings: power: reset: drop quotes when not needed dt-bindings: power: drop quotes when not needed dt-bindings: PCI: host-generic-pci: Allow IOMMU and MSI properties of/fdt: declared return type does not match actual return type devicetree/bindings: correct possessive "its" typos dt-bindings: net: convert emac_rockchip.txt to YAML dt-bindings: eeprom: microchip,93lc46b: move to eeprom directory dt-bindings: eeprom: at25: use spi-peripheral-props.yaml dt-bindings: display: use spi-peripheral-props.yaml dt-bindings: watchdog: qcom,pm8916-wdt: convert to dtschema dt-bindings: power: reset: qcom,pon: use absolute path to other schema dt-bindings: iio/dac: adi,ad5766: Add missing type to 'output-range-microvolts' dt-bindings: power: supply: charger-manager: Add missing type for 'cm-battery-stat' dt-bindings: panel: raydium,rm67191: Add missing type to 'video-mode' of/fdt: Clean up early_init_dt_reserve_memory_arch() dt-bindings: PCI: fsl,imx6q-pcie: Add missing type for 'reset-gpio-active-high' dt-bindings: rtc: Add EM Microelectronic EM3027 bindings dt-bindings: rtc: ds1307: Convert to json-schema ... 2022-07-01T13:22:16+00:00 Jonathan McDowell noodles@fb.com 2022-06-30T08:36:12+00:00 urn:sha1:b69a2afd5afce9bf6d56e349d6ab592c916e20f2 On kexec file load, the Integrity Measurement Architecture (IMA) subsystem may verify the IMA signature of the kernel and initramfs, and measure it. The command line parameters passed to the kernel in the kexec call may also be measured by IMA. A remote attestation service can verify a TPM quote based on the TPM event log, the IMA measurement list and the TPM PCR data. This can be achieved only if the IMA measurement log is carried over from the current kernel to the next kernel across the kexec call. PowerPC and ARM64 both achieve this using device tree with a "linux,ima-kexec-buffer" node. x86 platforms generally don't make use of device tree, so use the setup_data mechanism to pass the IMA buffer to the new kernel. Signed-off-by: Jonathan McDowell <noodles@fb.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> # IMA function definitions Link: https://lore.kernel.org/r/YmKyvlF3my1yWTvK@noodles-fedora-PC23Y6EG 2022-06-07T22:25:11+00:00 Vaibhav Jain vaibhav@linux.ibm.com 2022-05-31T04:14:46+00:00 urn:sha1:cbf9c4b9617b6767886a913705ca14b7600c77db Presently ima_get_kexec_buffer() doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic if the new kernel is booted with 'mem=X' arg and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The panic is usually of the form below: $ sudo kexec --initrd initrd vmlinux --append='mem=16G' <snip> BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000 Faulting instruction address: 0xc000000000837974 Oops: Kernel access of bad area, sig: 11 [#1] <snip> NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0 LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 Call Trace: [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108 [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120 [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0 [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0 [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64 Instruction dump: f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330 7c0802a6 fb610198 7c9b2378 f80101d0 <a1240000> 2c090001 40820614 e9240010 ---[ end trace 0000000000000000 ]--- Fix this issue by checking returned PFN range of previous kernel's ima-kexec-buffer with page_is_ram() to ensure correct memory bounds. Fixes: 467d27824920 ("powerpc: ima: get the kexec buffer passed by the previous kernel") Cc: Frank Rowand <frowand.list@gmail.com> Cc: Prakhar Srivastava <prsriva@linux.microsoft.com> Cc: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Cc: Thiago Jung Bauermann <bauerman@linux.ibm.com> Cc: Rob Herring <robh@kernel.org> Cc: Ritesh Harjani <ritesh.list@gmail.com> Cc: Robin Murphy <robin.murphy@arm.com> Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com> Signed-off-by: Rob Herring <robh@kernel.org> Link: https://lore.kernel.org/r/20220531041446.3334259-1-vaibhav@linux.ibm.com 2022-05-07T18:57:35+00:00 Zhen Lei thunder.leizhen@huawei.com 2022-05-06T11:44:01+00:00 urn:sha1:8af6b91f58341325bf74ecb0389ddc0039091d84 When "crashkernel=X,high" is used, there may be two crash regions: high=crashk_res and low=crashk_low_res. But now the syscall kexec_file_load() only add crashk_res into "linux,usable-memory-range", this may cause the second kernel to have no available dma memory. Fix it like kexec-tools does for option -c, add both 'high' and 'low' regions into the dtb. Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Acked-by: Rob Herring <robh@kernel.org> Acked-by: Baoquan He <bhe@redhat.com> Link: https://lore.kernel.org/r/20220506114402.365-6-thunder.leizhen@huawei.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> 2021-11-06T20:30:41+00:00 Mike Rapoport rppt@linux.ibm.com 2021-11-05T20:43:19+00:00 urn:sha1:3ecc68349bbab6bff1d12cbc7951ca6019b2faf6 Since memblock_free() operates on a physical range, make its name reflect it and rename it to memblock_phys_free(), so it will be a logical counterpart to memblock_phys_alloc(). The callers are updated with the below semantic patch: @@ expression addr; expression size; @@ - memblock_free(addr, size); + memblock_phys_free(addr, size); Link: https://lkml.kernel.org/r/20210930185031.18648-6-rppt@kernel.org Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Juergen Gross <jgross@suse.com> Cc: Shahab Vahedi <Shahab.Vahedi@synopsys.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>