[PATCH] kho: fix error handling in kho_add_subtree()

Breno Leitao posted 1 patch 2 months, 1 week ago
There is a newer version of this series
kernel/liveupdate/kexec_handover.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
[PATCH] kho: fix error handling in kho_add_subtree()
Posted by Breno Leitao 2 months, 1 week ago
Fix two error handling issues in kho_add_subtree(), where it doesn't
handle the error path correctly.

1. If fdt_setprop() fails after the subnode has been created, the
   subnode is not removed. This leaves an incomplete node in the FDT
   (missing "preserved-data" or "blob-size" properties).

2. The fdt_setprop() return value (an FDT error code) is stored
   directly in err and returned to the caller, which expects -errno.

Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
out_del_node label that removes the subnode on failure, and only setting
err = 0 on the success path, otherwise returning -ENOMEM (instead of
FDT_ERR_ errors that would come from fdt_setprop).

Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
Suggested-by: Pratyush Yadav <pratyush@kernel.org>
Signed-off-by: Breno Leitao <leitao@debian.org>
---
 kernel/liveupdate/kexec_handover.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
index 94762de1fe5f0..18509d8082ea7 100644
--- a/kernel/liveupdate/kexec_handover.c
+++ b/kernel/liveupdate/kexec_handover.c
@@ -762,19 +762,24 @@ int kho_add_subtree(const char *name, void *blob, size_t size)
 		goto out_pack;
 	}
 
-	err = fdt_setprop(root_fdt, off, KHO_SUB_TREE_PROP_NAME,
-			  &phys, sizeof(phys));
-	if (err < 0)
-		goto out_pack;
+	fdt_err = fdt_setprop(root_fdt, off, KHO_SUB_TREE_PROP_NAME,
+			      &phys, sizeof(phys));
+	if (fdt_err < 0)
+		goto out_del_node;
 
-	err = fdt_setprop(root_fdt, off, KHO_SUB_TREE_SIZE_PROP_NAME,
-			  &size_u64, sizeof(size_u64));
-	if (err < 0)
-		goto out_pack;
+	fdt_err = fdt_setprop(root_fdt, off, KHO_SUB_TREE_SIZE_PROP_NAME,
+			      &size_u64, sizeof(size_u64));
+	if (fdt_err < 0)
+		goto out_del_node;
 
 	WARN_ON_ONCE(kho_debugfs_blob_add(&kho_out.dbg, name, blob,
 					  size, false));
 
+	err = 0;
+	goto out_pack;
+
+out_del_node:
+	fdt_del_node(root_fdt, off);
 out_pack:
 	fdt_pack(root_fdt);
 
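Review bot: the return value of fdt_del_node() under out_del_node is ignored, so if the delete itself fails, the half-populated subnode this patch is meant to remove still ends up in the packed FDT with no indication. Consider wrapping the call in WARN_ON_ONCE(), as is done for kho_debugfs_blob_add() a few lines above. Two smaller points on the same error path: it relies on err already holding -ENOMEM when control reaches out_del_node, which the visible context does not show, so that initialisation is worth confirming. And fdt_err is dropped once the jump is taken, so a pr_err() carrying the libfdt code would let a reader of the log tell FDT_ERR_NOSPACE apart from other failures that are now all reported as -ENOMEM.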

---
base-commit: 9763aa6c6df784d7159925c0b3bef4dfb791e84f
change-id: 20260407-kho_fix_send-ae33f16d7502

Best regards,
--  
Breno Leitao <leitao@debian.org>
Re: [PATCH] kho: fix error handling in kho_add_subtree()
Posted by Andrew Morton 2 months ago
On Tue, 07 Apr 2026 10:01:47 -0700 Breno Leitao <leitao@debian.org> wrote:

> Fix two error handling issues in kho_add_subtree(), where it doesn't
> handle the error path correctly.
> 
> 1. If fdt_setprop() fails after the subnode has been created, the
>    subnode is not removed. This leaves an incomplete node in the FDT
>    (missing "preserved-data" or "blob-size" properties).
> 
> 2. The fdt_setprop() return value (an FDT error code) is stored
>    directly in err and returned to the caller, which expects -errno.
> 
> Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
> out_del_node label that removes the subnode on failure, and only setting
> err = 0 on the success path, otherwise returning -ENOMEM (instead of
> FDT_ERR_ errors that would come from fdt_setprop).
> 
> Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")

v6.16.

> Suggested-by: Pratyush Yadav <pratyush@kernel.org>
> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
>  kernel/liveupdate/kexec_handover.c | 21 +++++++++++++--------
>  1 file changed, 13 insertions(+), 8 deletions(-)

Do -stable kernels want this?

Changelog is missing a description of userspace-visible effects, so I
(and others) can't tell!
Re: [PATCH] kho: fix error handling in kho_add_subtree()
Posted by Breno Leitao 2 months ago
On Thu, Apr 09, 2026 at 03:08:02PM -0700, Andrew Morton wrote:
> On Tue, 07 Apr 2026 10:01:47 -0700 Breno Leitao <leitao@debian.org> wrote:
>
> > Fix two error handling issues in kho_add_subtree(), where it doesn't
> > handle the error path correctly.
> >
> > 1. If fdt_setprop() fails after the subnode has been created, the
> >    subnode is not removed. This leaves an incomplete node in the FDT
> >    (missing "preserved-data" or "blob-size" properties).
> >
> > 2. The fdt_setprop() return value (an FDT error code) is stored
> >    directly in err and returned to the caller, which expects -errno.
> >
> > Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
> > out_del_node label that removes the subnode on failure, and only setting
> > err = 0 on the success path, otherwise returning -ENOMEM (instead of
> > FDT_ERR_ errors that would come from fdt_setprop).
> >
> > Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
>
> v6.16.
>
> > Suggested-by: Pratyush Yadav <pratyush@kernel.org>
> > Signed-off-by: Breno Leitao <leitao@debian.org>
> > ---
> >  kernel/liveupdate/kexec_handover.c | 21 +++++++++++++--------
> >  1 file changed, 13 insertions(+), 8 deletions(-)
>
> Do -stable kernels want this?
>
> Changelog is missing a description of userspace-visible effects, so I
> (and others) can't tell!

Agreed. I'll improve the changelog to describe the user-visible impact
and CC stable in v2.
Re: [PATCH] kho: fix error handling in kho_add_subtree()
Posted by Mike Rapoport 2 months ago
On Tue, Apr 07, 2026 at 10:01:47AM -0700, Breno Leitao wrote:
> Fix two error handling issues in kho_add_subtree(), where it doesn't
> handle the error path correctly.
> 
> 1. If fdt_setprop() fails after the subnode has been created, the
>    subnode is not removed. This leaves an incomplete node in the FDT
>    (missing "preserved-data" or "blob-size" properties).
> 
> 2. The fdt_setprop() return value (an FDT error code) is stored
>    directly in err and returned to the caller, which expects -errno.
> 
> Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
> out_del_node label that removes the subnode on failure, and only setting
> err = 0 on the success path, otherwise returning -ENOMEM (instead of
> FDT_ERR_ errors that would come from fdt_setprop).
> 
> Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
> Suggested-by: Pratyush Yadav <pratyush@kernel.org>
> Signed-off-by: Breno Leitao <leitao@debian.org>

Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>

> ---
>  kernel/liveupdate/kexec_handover.c | 21 +++++++++++++--------
>  1 file changed, 13 insertions(+), 8 deletions(-)

-- 
Sincerely yours,
Mike.