On Mon, Oct 20, 2025 at 08:08:49PM -0400, Pasha Tatashin wrote:
> This series fixes a memory corruption bug in KHO that occurs when KFENCE
> is enabled.
>
> The root cause is that KHO metadata, allocated via kzalloc(), can be
> randomly serviced by kfence_alloc(). When a kernel boots via KHO, the
> early memblock allocator is restricted to a "scratch area". This forces
> the KFENCE pool to be allocated within this scratch area, creating a
> conflict. If KHO metadata is subsequently placed in this pool, it gets
> corrupted during the next kexec operation.
>
> Patch 1/3 introduces a debug-only feature (CONFIG_KEXEC_HANDOVER_DEBUG)
> that adds checks to detect and fail any operation that attempts to place
> KHO metadata or preserved memory within the scratch area. This serves as
> a validation and diagnostic tool to confirm the problem without
> affecting production builds.
>
> Patch 2/3 increases the bitmap to PAGE_SIZE, so the buddy allocator can be used.
>
> Patch 3/3 provides the fix by modifying KHO to allocate its metadata
> directly from the buddy allocator instead of slab. This bypasses the
> KFENCE interception entirely.
>
> Pasha Tatashin (3):
>   liveupdate: kho: warn and fail on metadata or preserved memory in
>     scratch area
>   liveupdate: kho: Increase metadata bitmap size to PAGE_SIZE
>   liveupdate: kho: allocate metadata directly from the buddy allocator
With liveupdate: dropped from the subjects

Reviewed-by: Mike Rapoport (Microsoft) <[email protected]>

>  include/linux/gfp.h              |  3 ++
>  kernel/Kconfig.kexec             |  9 ++++
>  kernel/Makefile                  |  1 +
>  kernel/kexec_handover.c          | 72 ++++++++++++++++++++------------
>  kernel/kexec_handover_debug.c    | 25 +++++++++++
>  kernel/kexec_handover_internal.h | 16 +++++++
>  6 files changed, 100 insertions(+), 26 deletions(-)
>  create mode 100644 kernel/kexec_handover_debug.c
>  create mode 100644 kernel/kexec_handover_internal.h
>
>
> base-commit: 6548d364a3e850326831799d7e3ea2d7bb97ba08
> --
> 2.51.0.869.ge66316f041-goog
>

--
Sincerely yours,
Mike.

