arch/riscv/kernel/module.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-)
Currently, process_accumulated_relocations() ignores the return values
from both reloc_handler() and accumulate_handler().
As a result, when one of these handlers fails, the kernel still proceeds
to load the module with corrupted or incomplete sections, which can lead
to unpredictable behavior or kernel panics.
So we need to check the return values of the handlers to propagate the
error, and fall back to the cleanup mode.
Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
arch/riscv/kernel/module.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index 1961135689db..b6512fa9aca1 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -594,7 +594,7 @@ static const struct relocation_handlers reloc_handlers[] = {
/* 192-255 nonstandard ABI extensions */
};
-static void
+static int
process_accumulated_relocations(struct module *me,
struct hlist_head **relocation_hashtable,
struct list_head *used_buckets_list)
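Review bot: The new `int` return of process_accumulated_relocations() has no stated contract in the visible hunks, so a short comment above the signature would help callers. Something like `/* Returns 0, or the first handler error; all accumulated entries and the hash table are freed in either case. */` matches the later hunk, where every `kfree()` and the final `kvfree()` run unconditionally. It may also be worth noting that locations finished before the failing entry have presumably already been written by accumulate_handler(), so a non-zero return means a partially relocated image that must not be used. The function body continues outside this hunk.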
@@ -625,6 +625,7 @@ process_accumulated_relocations(struct module *me,
int curr_type;
void *location;
long buffer;
+ int res, error = 0;
list_for_each_entry_safe(bucket_iter, bucket_iter_tmp,
used_buckets_list, head) {
@@ -637,18 +638,27 @@ process_accumulated_relocations(struct module *me,
&rel_head_iter->rel_entry,
head) {
curr_type = rel_entry_iter->type;
- reloc_handlers[curr_type].reloc_handler(
- me, &buffer, rel_entry_iter->value);
+ if (!error) {
+ res = reloc_handlers[curr_type].reloc_handler(
+ me, &buffer, rel_entry_iter->value);
+ if (res)
+ error = res;
+ }
kfree(rel_entry_iter);
}
- reloc_handlers[curr_type].accumulate_handler(
- me, location, buffer);
+ if (!error) {
+ res = reloc_handlers[curr_type].accumulate_handler(
+ me, location, buffer);
+ if (res)
+ error = res;
+ }
kfree(rel_head_iter);
}
kfree(bucket_iter);
}
kvfree(*relocation_hashtable);
+ return error;
}
static int add_relocation_to_accumulate(struct module *me, int type,
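Review bot: `res` is redundant in both added `if (!error)` blocks, because each handler is only called while `error` is still 0 and its result can be stored directly. `if (!error) error = reloc_handlers[curr_type].reloc_handler(me, &buffer, rel_entry_iter->value);` and the same form for accumulate_handler() behave identically, and let the `int res` added in the declarations hunk be dropped. Since the loops deliberately keep running after a failure, a comment at the first guard such as `/* After the first error, keep iterating only to free the entries. */` would make that intent clear. The start of the function and of the outer loops lies outside this hunk.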
@@ -886,10 +896,8 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
return res;
}
- process_accumulated_relocations(me, &relocation_hashtable,
+ return process_accumulated_relocations(me, &relocation_hashtable,
&used_buckets_list);
-
- return 0;
}
int module_finalize(const Elf_Ehdr *hdr,
--
2.51.2
> Currently, process_accumulated_relocations() ignores the return values
> from both reloc_handler() and accumulate_handler().
Were any source code analysis tools involved here?
…
> So we need to check the return values of the handlers to propagate the
> error, and fall back to the cleanup mode.
See also once more:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v7.0-rc4#n94
> Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
See also once more:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/stable-kernel-rules.rst?h=v7.0-rc4#n34
> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
Do multiple personal names really fit the same email address according to
the Developer's Certificate of Origin?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v7.0-rc4#n396
Have code review results from a “university laboratory” been presented so far?
https://github.com/ISCAS-Vulab/
https://english.is.cas.cn/
Regards,
Markus