kho: warn and exit when unpreserved page wasn't preserved

commit b05addf6f0596edb1f82ab4059438c7ef2d2686d upstream.

Calling __kho_unpreserve() on a pair of (pfn, end_pfn) that wasn't
preserved is a bug.  Currently, if that is done, the physxa or bits can be
NULL.  This results in a soft lockup since a NULL physxa or bits results
in redoing the loop without ever making any progress.

Return when physxa or bits are not found, but WARN first to loudly
indicate invalid behaviour.

Link: https://lkml.kernel.org/r/20251103180235.71409-3-pratyush@kernel.org
Fixes: fc33e4b44b27 ("kexec: enable KHO support for memory preservation")
Signed-off-by: Pratyush Yadav <pratyush@kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Cc: Alexander Graf <graf@amazon.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/kexec_handover.c b/kernel/kexec_handover.c
index c58afd23a241fe80dbbb7bf78f32bc1c8a02c314..d5038b6ee997cabe6c66b345aadf897e524187b9 100644 (file)
--- a/kernel/kexec_handover.c
+++ b/kernel/kexec_handover.c
@@ -127,12 +127,12 @@ static void __kho_unpreserve(struct kho_mem_track *track, unsigned long pfn,
                const unsigned long pfn_high = pfn >> order;
 
                physxa = xa_load(&track->orders, order);
-               if (!physxa)
-                       continue;
+               if (WARN_ON_ONCE(!physxa))
+                       return;
 
                bits = xa_load(&physxa->phys_bits, pfn_high / PRESERVE_BITS);
-               if (!bits)
-                       continue;
+               if (WARN_ON_ONCE(!bits))
+                       return;
 
                clear_bit(pfn_high % PRESERVE_BITS, bits->preserve);