efi: Wipe INITRD config table from memory after consumption

ardbiesheuvel · ardbiesheuvel · commit 6e62d1c6f2c7 · 2026-01-08T12:41:38.000+01:00
When the EFI stub itself loads the initrd and puts it in memory (rather than simply passing on a struct boot_params or device tree that already carries initrd information), it exposes this information to the core kernel via a INITRD configuration table. Given that config tables are preserved across kexec, this means that subsequent kexec boots will observe the same information, even though it most likely has become stale by that point. On x86, this information is usually superseded by the initrd info passed via bootparams, in which case this stale information is simply ignored. However, when performing a kexec boot without passing an initrd, the loader falls back to this stale information and explodes. So wipe the base and size from the INITRD config table as soon as it has been consumed. This fixes the issue for kexec on all EFI architectures. Reported-by: James Le Cuirot <chewi@gentoo.org> Tested-by: James Le Cuirot <chewi@gentoo.org> Acked-by: H. Peter Anvin (Intel) <hpa@zytor.com> Link: https://lore.kernel.org/all/20251126173209.374755-2-chewi@gentoo.org Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
@@ -819,6 +819,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables,
 		if (tbl) {
 			phys_initrd_start = tbl->base;
 			phys_initrd_size = tbl->size;
+			tbl->base = tbl->size = 0;
 			early_memunmap(tbl, sizeof(*tbl));
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -819,6 +819,7 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables,`
`819`	`819`	`if (tbl) {`
`820`	`820`	`phys_initrd_start = tbl->base;`
`821`	`821`	`phys_initrd_size = tbl->size;`
	`822`	`+ tbl->base = tbl->size = 0;`
`822`	`823`	`early_memunmap(tbl, sizeof(*tbl));`
`823`	`824`	`}`
`824`	`825`	`}`