[PATCH RFC 0/5] liveupdate: validate restored LUO metadata
Cris Jacob Maamor
crisjacobmaamor at gmail.com
Fri May 1 02:46:32 PDT 2026
LUO restores metadata from KHO/FDT during liveupdate. The restored
metadata contains physical addresses and count fields used to access and
walk preserved session, file-set, and FLB arrays.
This series adds a non-consuming KHO preserved-range check and uses it
before phys_to_virt() on restored metadata addresses. It also rejects
restored counts above LUO_SESSION_MAX, LUO_FILE_MAX, and LUO_FLB_MAX
before traversal.
As far as I can tell, this is root/admin-only; I do not have evidence
that a normal unprivileged user can trigger it directly.
I have not reproduced this in a VM yet, so I may be missing a KHO
invariant or a preferred restore helper pattern. Feedback on the helper
semantics is welcome.
Cris Jacob Maamor (5):
kexec: handover: add helper to check preserved page ranges
liveupdate: validate restored LUO FDT before use
liveupdate: validate restored LUO session metadata
liveupdate: validate restored LUO file-set metadata
liveupdate: validate restored LUO FLB metadata
include/linux/kexec_handover.h | 6 +++++
kernel/liveupdate/kexec_handover.c | 35 ++++++++++++++++++++++++++++++
kernel/liveupdate/luo_core.c | 10 ++++++++-
kernel/liveupdate/luo_file.c | 14 ++++++++++--
kernel/liveupdate/luo_flb.c | 23 +++++++++++++++++++-
kernel/liveupdate/luo_session.c | 22 +++++++++++++++++--
6 files changed, 104 insertions(+), 6 deletions(-)
--
2.53.0
More information about the kexec
mailing list