rjmcmahon
/
umber-kernel
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Kernel code for umber Fi-Wi concentrator
1,402,437 Commits 1 Branch 0 Tags 12 GiB
Go to file
Harshit Mogalapalli 9e1f51c1ad ima: verify the previous kernel's IMA buffer lies in addressable RAM 
[ Upstream commit 10d1c75ed4382a8e79874379caa2ead8952734f9 ]

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b961 ("of: check previous kernel's ima-kexec-buffer
against memory bounds")

This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2026-03-04 07:21:17 -05:00
Documentation ipv6: Move ipv6_fl_list from ipv6_pinfo to inet_sock. 2026-03-04 07:20:44 -05:00
LICENSES
arch KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() 2026-03-04 07:21:15 -05:00
block block: decouple secure erase size limit from discard size limit 2026-03-04 07:19:38 -05:00
certs
crypto crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec 2026-01-30 10:32:12 +01:00
drivers PCI: Fix bridge window alignment with optional resources 2026-03-04 07:21:17 -05:00
fs nfsd: fix return error code for nfsd_map_name_to_[ug]id 2026-03-04 07:21:17 -05:00
include ima: verify the previous kernel's IMA buffer lies in addressable RAM 2026-03-04 07:21:17 -05:00
init printk changes for 6.18 2025-10-04 11:13:11 -07:00
io_uring io_uring/timeout: annotate data race in io_flush_timeouts() 2026-03-04 07:19:36 -05:00
ipc ipc: don't audit capability check in ipc_permissions() 2026-02-26 14:59:19 -08:00
kernel Remove WARN_ALL_UNSEEDED_RANDOM kernel config option 2026-03-04 07:20:46 -05:00
lib Remove WARN_ALL_UNSEEDED_RANDOM kernel config option 2026-03-04 07:20:46 -05:00
mm mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations 2026-03-04 07:21:10 -05:00
net netfilter: nf_conntrack_h323: fix OOB read in decode_choice() 2026-03-04 07:20:52 -05:00
rust rust/drm: Fix Registration::{new,new_foreign_owned}() docs 2026-03-04 07:21:15 -05:00
samples samples/ftrace: Adjust LoongArch register restore order in direct calls 2026-01-08 10:17:11 +01:00
scripts docs: kdoc: avoid error_count overflows 2026-03-04 07:21:10 -05:00
security ima: verify the previous kernel's IMA buffer lies in addressable RAM 2026-03-04 07:21:17 -05:00
sound ASoC: SOF: ipc4-control: Keep the payload size up to date 2026-03-04 07:20:54 -05:00
tools selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs 2026-03-04 07:21:10 -05:00
usr gen_init_cpio: Ignore fsync() returning EINVAL on pipes 2025-10-07 09:53:05 -07:00
virt KVM: Don't clobber irqfd routing type when deassigning irqfd 2026-02-11 13:41:44 +01:00
.clang-format
.clippy.toml
.cocciconfig
.editorconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap 8 hotfixes. 4 are cc:stable, 7 are against mm/. 2025-11-26 12:38:05 -08:00
.pylintrc
.rustfmt.toml
COPYING
CREDITS MAINTAINERS: mark ISDN subsystem as orphan 2025-10-27 17:49:45 -07:00
Kbuild
Kconfig
MAINTAINERS soc: fixes for 6.18, part 4 2025-11-28 09:57:31 -08:00
Makefile Linux 6.18.15 2026-02-27 16:05:10 -05:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.