[PATCH] liveupdate: validate session type before performing operation
Pratyush Yadav
pratyush at kernel.org
Tue May 19 07:29:48 PDT 2026
On Tue, May 19 2026, Pasha Tatashin wrote:
> On 05-19 14:24, Pratyush Yadav wrote:
>> From: "Pratyush Yadav (Google)" <pratyush at kernel.org>
>>
>> The sessions ioctls are not applicable to all session types. PRESERVE_FD
>> is only applicable to outgoing sessions. RETRIEVE_FD and FINISH are only
>> valid for incoming session. Calling a incoming ioctl on an outgoing
>> session is invalid and can cause file handlers to run into unexpected
>> errors.
>>
>> For example, a user can create a (outgoing) session, preserve a memfd,
>> and then immediately do a retrieve without doing a kexec in between.
>
> Please add a self-test tools/testing/selftests/liveupdate/liveupdate.c
> to verify that outgoing sessions do not accept retrieve_fd ioctl.
> Option, you could also add to luo_multi_session.c a test to verifying
> that incoming does not accept preserve_fd
Right, forgot about that. Will do.
>
>> This would result in memfd's retrieve handler to run. The handlers
>> expects to be called from a post-kexec context, and will try to do a
>> kho_restore_vmalloc() or kho_restore_folio() to try and restore memory.
>>
>> KHO catches this (thanks to KHO_PAGE_MAGIC) and returns an error, but
>> since this is considered an internal error and KHO throws out a bunch of
>> WARN()s.
>>
>> Associate a type with each ioctl op and validate the type in
>> luo_session_ioctl() before dispatching the ioctl handler to make sure
>> the op is being called for the right session type.
>>
>> Fixes: 16cec0d26521 ("liveupdate: luo_session: add ioctls for file preservation")
>> Cc: stable at vger.kernel.org
>> Signed-off-by: Pratyush Yadav (Google) <pratyush at kernel.org>
--
Regards,
Pratyush Yadav
More information about the kexec
mailing list