[PATCH 2/2] kernel/kexec: Fix IMA when allocation happens in CMA area

Baoquan He bhe at redhat.com
Wed Nov 5 19:21:54 PST 2025 

On 11/06/25 at 10:33am, Pingfan Liu wrote:
> Hi Baoquan,
> 
> Thanks for your review. Please see the comment below.
> 
> On Thu, Nov 6, 2025 at 10:04 AM Baoquan He <bhe at redhat.com> wrote:
> >
> > Hi Pingfan,
> >
> > On 11/05/25 at 09:09pm, Pingfan Liu wrote:
> > > When I tested kexec with the latest kernel, I ran into the following warning:
> > >
> > > [   40.712410] ------------[ cut here ]------------
> > > [   40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
> > > [...]
> > > [   40.816047] Call trace:
> > > [   40.818498]  kimage_map_segment+0x144/0x198 (P)
> > > [   40.823221]  ima_kexec_post_load+0x58/0xc0
> > > [   40.827246]  __do_sys_kexec_file_load+0x29c/0x368
> > > [...]
> > > [   40.855423] ---[ end trace 0000000000000000 ]---
> > >
> > > This is caused by the fact that kexec allocates the destination directly
> > > in the CMA area. In that case, the CMA kernel address should be exported
> > > directly to the IMA component, instead of using the vmalloc'd address.
> > >
> > > Signed-off-by: Pingfan Liu <piliu at redhat.com>
> > > Cc: Andrew Morton <akpm at linux-foundation.org>
> > > Cc: Baoquan He <bhe at redhat.com>
> > > Cc: Alexander Graf <graf at amazon.com>
> > > Cc: Steven Chen <chenste at linux.microsoft.com>
> > > Cc: linux-integrity at vger.kernel.org
> > > To: kexec at lists.infradead.org
> > > ---
> > >  kernel/kexec_core.c | 7 ++++++-
> > >  1 file changed, 6 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> > > index 9a1966207041..abe40286a02c 100644
> > > --- a/kernel/kexec_core.c
> > > +++ b/kernel/kexec_core.c
> > > @@ -967,6 +967,7 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > >       kimage_entry_t *ptr, entry;
> > >       struct page **src_pages;
> > >       unsigned int npages;
> > > +     struct page *cma;
> > >       void *vaddr = NULL;
> > >       int i;
> > >
> > > @@ -974,6 +975,9 @@ void *kimage_map_segment(struct kimage *image, int idx)
> > >       size = image->segment[idx].memsz;
> > >       eaddr = addr + size;
> > >
> > > +     cma = image->segment_cma[idx];
> >
> > Thanks for your fix. But I totally can't get what you are doing. The idx
> > passed into kimage_map_segment() could index image->segment[], and can
> > index image->segment_cma[], could you reconsider and make the code more
> > reasonable?
> >
> 
> Since idx can index both image->segment[] and segment_cma[], the
> behavior differs based on whether segment_cma[idx] is NULL:
> 
> - If segment_cma[idx] is not NULL, it points directly to the final
> target location, eliminating the need for data copying that
> traditional kexec relocation requires.
> - If segment_cma[idx] is NULL, the segment relies on the traditional
> kexec relocation code to copy its data.

I see, thanks. While image->segment_cma[idx] records the struct page of
the relevant cma area, but not virtual address. Is it OK for IMA later
to update? ima_kexec_buffer is supposed to be a virtual address,
wondering how IMA behaved in this case.

More information about the kexec mailing list