[PATCH] riscv: Check the return value of reloc handlers

[PATCH] riscv: Check the return value of reloc handlers

[Zishun Yi]

Currently, process_accumulated_relocations() ignores the return values
from both reloc_handler() and accumulate_handler().

As a result, the kernel will proceed to load the module with corrupted
or incomplete sections, which can lead to unpredictable behavior or
kernel panics.

So we need to check the return values of the handlers to propagate the
error, and fall back to the cleanup mode.

Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
 arch/riscv/kernel/module.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index 1961135689db..b6512fa9aca1 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -594,7 +594,7 @@ static const struct relocation_handlers reloc_handlers[] = {
 	/* 192-255 nonstandard ABI extensions  */
 };
 
-static void
+static int
 process_accumulated_relocations(struct module *me,
 				struct hlist_head **relocation_hashtable,
 				struct list_head *used_buckets_list)
@@ -625,6 +625,7 @@ process_accumulated_relocations(struct module *me,
 	int curr_type;
 	void *location;
 	long buffer;
+	int res, error = 0;
 
 	list_for_each_entry_safe(bucket_iter, bucket_iter_tmp,
 				 used_buckets_list, head) {
@@ -637,18 +638,27 @@ process_accumulated_relocations(struct module *me,
 						 &rel_head_iter->rel_entry,
 						 head) {
 				curr_type = rel_entry_iter->type;
-				reloc_handlers[curr_type].reloc_handler(
-					me, &buffer, rel_entry_iter->value);
+				if (!error) {
+					res = reloc_handlers[curr_type].reloc_handler(
+						me, &buffer, rel_entry_iter->value);
+					if (res)
+						error = res;
+				}
 				kfree(rel_entry_iter);
 			}
-			reloc_handlers[curr_type].accumulate_handler(
-				me, location, buffer);
+			if (!error) {
+				res = reloc_handlers[curr_type].accumulate_handler(
+					me, location, buffer);
+				if (res)
+					error = res;
+			}
 			kfree(rel_head_iter);
 		}
 		kfree(bucket_iter);
 	}
 
 	kvfree(*relocation_hashtable);
+	return error;
 }
 
 static int add_relocation_to_accumulate(struct module *me, int type,
@@ -886,10 +896,8 @@ int apply_relocate_add(Elf_Shdr *sechdrs, const char *strtab,
 			return res;
 	}
 
-	process_accumulated_relocations(me, &relocation_hashtable,
+	return process_accumulated_relocations(me, &relocation_hashtable,
 					&used_buckets_list);
-
-	return 0;
 }
 
 int module_finalize(const Elf_Ehdr *hdr,
-- 
2.51.2

Re: [PATCH] riscv: Check the return value of reloc handlers

[Markus Elfring]

> Currently, process_accumulated_relocations() ignores the return values
> from both reloc_handler() and accumulate_handler().

Were any source code analysis tools involved here?


…
> So we need to check the return values of the handlers to propagate the
> error, and fall back to the cleanup mode.

See also once more:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v7.0-rc4#n94


> Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")

See also once more:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/stable-kernel-rules.rst?h=v7.0-rc4#n34


> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>

Do multiple personal names fit really to the same email address according to
the Developer's Certificate of Origin?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v7.0-rc4#n396

Were code review results presented from an “university laboratory” so far?
https://github.com/ISCAS-Vulab/
https://english.is.cas.cn/

Regards,
Markus

Re: [PATCH] riscv: Check the return value of reloc handlers

[Paul Walmsley]

Hello Zishun Yi (and, apparently, Wentao Liang), 

On Sat, 21 Mar 2026, Zishun Yi wrote:

> Currently, process_accumulated_relocations() ignores the return values
> from both reloc_handler() and accumulate_handler().
> 
> As a result, the kernel will proceed to load the module with corrupted
> or incomplete sections, which can lead to unpredictable behavior or
> kernel panics.
> 
> So we need to check the return values of the handlers to propagate the
> error, and fall back to the cleanup mode.
> 
> Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>

Thank you for sending this and several other fixes.  I would like to 
accept the RISC-V-oriented fixes, but have a few questions first -- 
similar to the ones that Markus already asked you several weeks ago.

First: were these fixes found and/or generated by LLM tools?  They appear 
to be.  If so, please add an Assisted-by: tag, according to the directions 
documented here:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst#n637 

and here:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/coding-assistants.rst


Second: is it possible for you both to get your own unique E-mail 
accounts?  Many kernel developers and tools assume that a specific E-mail 
address will be used by only one person.  For example, Patchwork is now 
incorrectly attributing patches originally sent by Zishun Yi to Wentao 
Liang, under the not-unreasonable assumption that each developer will have 
their own E-mail address.


- Paul