A static Sashiko AI review identified a potential NULL pointer dereference in kexec_extra_fdt_size_ppc64().
When get_reserved_memory_ranges() successfully returns 0 on platforms without any reserved memory regions, the allocated 'rmem' pointer remains NULL. Passing this unallocated pointer directly to kexec_extra_fdt_size_ppc64() leads to a kernel panic when evaluating 'rmem->nr_ranges'. Fix this by adding a defensive NULL pointer check at the beginning of kexec_extra_fdt_size_ppc64(), returning 0 extra space immediately if no reserved memory structure exists. Cc: Sourabh Jain <[email protected]> Cc: Hari Bathini <[email protected]> Cc: Michael Ellerman <[email protected]> Cc: [email protected] Fixes: 0d3ff067331e ("powerpc/kexec_file: fix extra size calculation for kexec FDT") Signed-off-by: Jinjie Ruan <[email protected]> --- arch/powerpc/kexec/file_load_64.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c index 8c72e12ea44e..fdeedf102c38 100644 --- a/arch/powerpc/kexec/file_load_64.c +++ b/arch/powerpc/kexec/file_load_64.c @@ -649,6 +649,9 @@ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image, struct crash_mem * struct device_node *dn; unsigned int cpu_nodes = 0, extra_size = 0; + if (!rmem) + return 0; + // Budget some space for the password blob. There's already extra space // for the key name if (plpks_is_available()) -- 2.34.1
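Review bot: The `if (!rmem) return 0;` is placed above the `plpks_is_available()` check, so on a system with no reserved memory ranges the function returns 0 before the password-blob budget that the comment just below it describes, and before anything is accumulated into `extra_size` or counted in `cpu_nodes`. Nothing in the visible lines ties those budgets to `rmem`, so the early return looks like it trades the NULL dereference for an undersized FDT estimate on exactly the platforms this fix targets. Consider leaving the function entry as it was and guarding only the expression that reads `rmem->nr_ranges` (the access named in the commit message), so a NULL `rmem` contributes zero reserved-range space while the other budgets are still added. If returning 0 here is really intended, the commit message should say why the remaining extra space is not needed when `rmem` is NULL.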
