Commit a6715d7e authored Apr 10, 2026 by Evangelos Petrongonas Committed by Mike Rapoport (Microsoft) Apr 28, 2026

kho: skip KHO for crash kernel



kho_fill_kimage() unconditionally populates the kimage with KHO
metadata for every kexec image type. When the image is a crash kernel,
this can be problematic as the crash kernel can run in a small reserved
region and the KHO scratch areas can sit outside it.
The crash kernel then faults during kho_memory_init() when it
tries phys_to_virt() on the KHO FDT address:

  Unable to handle kernel paging request at virtual address xxxxxxxx
  ...
    fdt_offset_ptr+...
    fdt_check_node_offset_+...
    fdt_first_property_offset+...
    fdt_get_property_namelen_+...
    fdt_getprop+...
    kho_memory_init+...
    mm_core_init+...
    start_kernel+...

kho_locate_mem_hole() already skips KHO logic for KEXEC_TYPE_CRASH
images, but kho_fill_kimage() was missing the same guard. As
kho_fill_kimage() is the single point that populates image->kho.fdt
and image->kho.scratch, fixing it here is sufficient for both arm64
and x86 as the FDT and boot_params path are bailing out when these
fields are unset.

Fixes: d7255959 ("kho: allow kexec load before KHO finalization")
Signed-off-by: Evangelos Petrongonas <epetron@amazon.de>
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Link: https://patch.msgid.link/20260410011609.1103-1-epetron@amazon.de


Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>

parent 254f4963

kernel/liveupdate/kexec_handover.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1702,7 +1702,7 @@ int kho_fill_kimage(struct kimage *image)
		int err = 0;
		struct kexec_buf scratch;

		if (!kho_enable)
		if (!kho_enable \|\| image->type == KEXEC_TYPE_CRASH)
		return 0;

		image->kho.fdt = virt_to_phys(kho_out.fdt);