[PATCH] arm64: kernel: initialize missing kexec_buf->random field

Breno Leitao leitao at debian.org
Fri Nov 28 05:55:05 PST 2025 

On Fri, Nov 28, 2025 at 08:17:21AM +0800, Baoquan He wrote:
> On 11/27/25 at 11:37am, Andrew Morton wrote:
> > On Thu, 27 Nov 2025 18:26:44 +0000 Yeoreum Yun <yeoreum.yun at arm.com> wrote:
> > 
> > > Commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> > > introduced the kexec_buf->random field to enable random placement of
> > > kexec_buf.
> > > 
> > > However, this field was never properly initialized for kexec images
> > > that do not need to be placed randomly, leading to the following UBSAN
> > > warning:
> > > 
> > > [  +0.364528] ------------[ cut here ]------------
> > > [  +0.000019] UBSAN: invalid-load in ./include/linux/kexec.h:210:12
> > > [  +0.000131] load of value 2 is not a valid value for type 'bool' (aka '_Bool')
> > > [  +0.000003] CPU: 4 UID: 0 PID: 927 Comm: kexec Not tainted 6.18.0-rc7+ #3 PREEMPT(full)
> > > [  +0.000002] Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
> > > [  +0.000000] Call trace:
> > > [  +0.000001]  show_stack+0x24/0x40 (C)
> > > [  +0.000006]  __dump_stack+0x28/0x48
> > > [  +0.000002]  dump_stack_lvl+0x7c/0xb0
> > > [  +0.000002]  dump_stack+0x18/0x34
> > > [  +0.000001]  ubsan_epilogue+0x10/0x50
> > > [  +0.000002]  __ubsan_handle_load_invalid_value+0xc8/0xd0
> > > [  +0.000003]  locate_mem_hole_callback+0x28c/0x2a0
> > > [  +0.000003]  kexec_locate_mem_hole+0xf4/0x2f0
> > > [  +0.000001]  kexec_add_buffer+0xa8/0x178
> > > [  +0.000002]  image_load+0xf0/0x258
> > > [  +0.000001]  __arm64_sys_kexec_file_load+0x510/0x718
> > > [  +0.000002]  invoke_syscall+0x68/0xe8
> > > [  +0.000001]  el0_svc_common+0xb0/0xf8
> > > [  +0.000002]  do_el0_svc+0x28/0x48
> > > [  +0.000001]  el0_svc+0x40/0xe8
> > > [  +0.000002]  el0t_64_sync_handler+0x84/0x140
> > > [  +0.000002]  el0t_64_sync+0x1bc/0x1c0
> > > 
> > > To address this, initialise kexec_buf->random field properly.
> > > 
> > > Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
> > 
> > Thanks, I'll add a cc:stable to this.
> 
> This has been fixed in below series from Breno Leitao.
> 
> [PATCH 0/3] kexec: Fix invalid field access
> https://lore.kernel.org/all/20250827-kbuf_all-v1-0-1df9882bb01a@debian.org/T/#u

Right, these fixes are on 6.18 since day one.

Yeoreum is hitting another code path that I haven't fixed, it seems
(through image_load()).

That said, I think the fix should be similar to commit 04d3cd43700 ("arm64:
kexec: initialize kexec_buf struct in load_other_segments()"). I.e:

	--- a/arch/arm64/kernel/kexec_image.c
	+++ b/arch/arm64/kernel/kexec_image.c
	@@ -41,7 +41,7 @@ static void *image_load(struct kimage *image,
		struct arm64_image_header *h;
		u64 flags, value;
		bool be_image, be_kernel;
	-       struct kexec_buf kbuf;
	+       struct kexec_buf kbuf = {};
		unsigned long text_offset, kernel_segment_number;
		struct kexec_segment *kernel_segment;
		int ret;

Thanks for fixing this new instance,
--breno

More information about the linux-arm-kernel mailing list