    arm64: kexec: load from kimage prior to clobbering · eb3d8ea3
    Mark Rutland authored
    In arm64_relocate_new_kernel() we load some fields out of the kimage
    structure after relocation has occurred. As the kimage structure isn't
    allocated to be relocation-safe, it may be clobbered during relocation,
    and we may load junk values out of the structure.
    
    Due to this, kexec may fail when the kimage allocation happens to fall
    within a PA range that an object will be relocated to. This has been
    observed to occur for regular kexec on a QEMU TCG 'virt' machine with
    2GiB of RAM, where the PA range of the new kernel image overlaps the
    kimage structure.
    
    Avoid this by ensuring we load all values from the kimage structure
    prior to relocation.
    
    I've tested this atop v5.16 and v5.18-rc6.
    
    Fixes: 878fdbd7 ("arm64: kexec: pass kimage as the only argument to relocation function")
    Signed-off-by: Mark Rutland <mark.rutland@arm.com>
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: James Morse <james.morse@arm.com>
    Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
    Cc: Will Deacon <will@kernel.org>
    Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
    Link: https://lore.kernel.org/r/20220516160735.731404-1-mark.rutland@arm.com
    Signed-off-by: Will Deacon <will@kernel.org>
relocate_kernel.S 3.02 KB