arch/riscv/kernel/module.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-)
Currently, process_accumulated_relocations() ignores the return values
from both reloc_handler() and accumulate_handler().
As a result, the kernel will proceed to load the module with corrupted
or incomplete sections, which can lead to unpredictable behavior or
kernel panics.
So we need to check the return values of the handlers to propagate the
error, and fall back to the cleanup mode.
Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
Assisted-by: Gemini:gemini-3.1-pro
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
Changes in v2:
- Added 'Assisted-by' tag.
arch/riscv/kernel/module.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index 1961135689db..b6512fa9aca1 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -594,7 +594,7 @@ static const struct relocation_handlers reloc_handlers[] = {
/* 192-255 nonstandard ABI extensions */
};
-static void
+static int
process_accumulated_relocations(struct module *me,
struct hlist_head **relocation_hashtable,
struct list_head *used_buckets_list)
@@ -625,6 +625,7 @@ process_accumulated_relocations(struct module *me,
int curr_type;
void *location;
long buffer;
+ int res, error = 0;
list_for_each_entry_safe(bucket_iter, bucket_iter_tmp,
used_buckets_list, head) {
@@ -637,18 +638,27 @@ process_accumulated_relocations(struct module *me,
&rel_head_iter->rel_entry,
head) {
curr_type = rel_entry_iter->type;
- reloc_handlers[curr_type].reloc_handler(
- me, &buffer, rel_entry_iter->value);
+ if (!error) {
+ res = reloc_handlers[curr_type].reloc_handler(
+ me, &buffer, rel_entry_iter->value);
+ if (res)
+ error = res;
+ }
kfree(rel_entry_iter);
}
- reloc_handlers[curr_type].accumulate_handler(
- me, location, buffer);
+ if (!error) {
+ res = reloc_handlers[curr_type].accumulate_handler(
+ me, location, buffer);
+ if (res)
+ error = res;
+ }
kfree(rel_head_iter);
}
kfree(bucket_iter);
}
kvfree(*relocation_hashtable);
+ return error;
}
static int add_relocation_to_accumulate(struct module *me, int type,
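Review bot: The `res` temporary in both new `if (!error)` blocks is redundant, because `error` is known to be zero inside the guard and the handler result can be assigned to it directly: `error = reloc_handlers[curr_type].reloc_handler(me, &buffer, rel_entry_iter->value);`, and likewise for `accumulate_handler`. That removes the `int res` declaration added in the previous hunk and the two `if (res) error = res;` pairs, while the function still returns the first failure and still frees every entry. The body of process_accumulated_relocations() starts outside this hunk.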
@@ -886,10 +896,8 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
return res;
}
- process_accumulated_relocations(me, &relocation_hashtable,
+ return process_accumulated_relocations(me, &relocation_hashtable,
&used_buckets_list);
-
- return 0;
}
int module_finalize(const Elf_Ehdr *hdr,
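Review bot: The `return res;` kept as context at the top of this hunk still exits apply_relocate_add() without calling process_accumulated_relocations(), and the only frees of the entry, head and bucket nodes and of the hashtable visible in this patch are inside that function. If that return sits in the relocation loop after entries may already have been accumulated (the loop is outside the hunk, so this is inferred), a module with one bad relocation leaks those allocations on every failed load. That path should release the accumulated entries and `*relocation_hashtable` without applying them before returning `res`, so both failure exits clean up the same way.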
--
2.51.2
Hi, On Sat, 9 May 2026, Zishun Yi wrote: > Currently, process_accumulated_relocations() ignores the return values > from both reloc_handler() and accumulate_handler(). > > As a result, the kernel will proceed to load the module with corrupted > or incomplete sections, which can lead to unpredictable behavior or > kernel panics. > > So we need to check the return values of the handlers to propagate the > error, and fall back to the cleanup mode. Thanks for the patch. Rather than continuing to loop without purpose when an error occurs, can the function simply be exited? - Paul