[PATCH v15 03/23] powerpc/kexec_file: Fix NULL pointer dereference in kexec_extra_fdt_size_ppc64()

Jinjie Ruan ruanjinjie at huawei.com
Mon Jun 1 02:47:45 PDT 2026


A static Sashiko AI review identified a potential NULL pointer dereference
in kexec_extra_fdt_size_ppc64().

When get_reserved_memory_ranges() successfully returns 0 on platforms
without any reserved memory regions, the allocated 'rmem' pointer remains
NULL. Passing this unallocated pointer directly to
kexec_extra_fdt_size_ppc64() leads to a kernel panic when evaluating
'rmem->nr_ranges'.

Fix this by adding a defensive NULL pointer check at the beginning of
kexec_extra_fdt_size_ppc64(), returning 0 extra space immediately if
no reserved memory structure exists.

Cc: Sourabh Jain <sourabhjain at linux.ibm.com>
Cc: Hari Bathini <hbathini at linux.ibm.com>
Cc: Michael Ellerman <mpe at ellerman.id.au>
Cc: stable at vger.kernel.org
Fixes: 0d3ff067331e ("powerpc/kexec_file: fix extra size calculation for kexec FDT")
Signed-off-by: Jinjie Ruan <ruanjinjie at huawei.com>
---
 arch/powerpc/kexec/file_load_64.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c
index 8c72e12ea44e..fdeedf102c38 100644
--- a/arch/powerpc/kexec/file_load_64.c
+++ b/arch/powerpc/kexec/file_load_64.c
@@ -649,6 +649,9 @@ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image, struct crash_mem *
 	struct device_node *dn;
 	unsigned int cpu_nodes = 0, extra_size = 0;
 
+	if (!rmem)
+		return 0;
+
 	// Budget some space for the password blob. There's already extra space
 	// for the key name
 	if (plpks_is_available())
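Review bot: the early `return 0` at the top of kexec_extra_fdt_size_ppc64() covers more than the NULL-`rmem` case. The code immediately below it, the plpks password-blob budget ("Budget some space for the password blob", guarded by `plpks_is_available()`) and the `cpu_nodes` accounting declared in this hunk, does not depend on `rmem`, so on a platform with no reserved memory the function now reports no extra FDT space at all, which risks under-sizing the FDT on exactly the platforms this fix targets. Consider guarding only the reserved-memory part instead, e.g. wrapping the `rmem->nr_ranges` computation in `if (rmem) { ... }` and leaving the password-blob and CPU-node budgeting to run unconditionally; if returning 0 really is safe here, the commit message should say why.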
-- 
2.34.1



