Re: [PATCH 7.0.y] kho: fix error handling in kho_add_subtree()

[Mike Rapoport <rppt@kernel.org>]

On Thu, May 14, 2026 at 03:25:53PM -0400, Sasha Levin wrote:
> From: Breno Leitao <leitao@debian.org>
> 
> [ Upstream commit 9ec95329894864170a1a7685b9a11b739393131a ]
> 
> Fix two error handling issues in kho_add_subtree(), where it doesn't
> handle the error path correctly.
> 
> 1. If fdt_setprop() fails after the subnode has been created, the
>    subnode is not removed. This leaves an incomplete node in the FDT
>    (missing "preserved-data" or "blob-size" properties).
> 
> 2. The fdt_setprop() return value (an FDT error code) is stored
>    directly in err and returned to the caller, which expects -errno.
> 
> Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
> out_del_node label that removes the subnode on failure, and only setting
> err = 0 on the success path, otherwise returning -ENOMEM (instead of
> FDT_ERR_ errors that would come from fdt_setprop).
> 
> No user-visible changes.  This patch fixes error handling in the KHO
> (Kexec HandOver) subsystem, which is used to preserve data across kexec
> reboots.  The fix only affects a rare failure path during kexec
> preparation — specifically when the kernel runs out of space in the
> Flattened Device Tree buffer while registering preserved memory regions.
> 
> In the unlikely event that this error path was triggered, the old code
> would leave a malformed node in the device tree and return an incorrect
> error code to the calling subsystem, which could lead to confusing log
> messages or incorrect recovery decisions.  With this fix, the incomplete
> node is properly cleaned up and the appropriate errno value is propagated,
> this error code is not returned to the user.
> 
> Link: https://lore.kernel.org/20260410-kho_fix_send-v2-1-1b4debf7ee08@debian.org
> Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
> Signed-off-by: Breno Leitao <leitao@debian.org>
> Suggested-by: Pratyush Yadav <pratyush@kernel.org>
> Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
> Cc: Alexander Graf <graf@amazon.com>
> Cc: Breno Leitao <leitao@debian.org>
> Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>

Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>

> ---
>  kernel/liveupdate/kexec_handover.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
> index cc68a3692905d..479c42e08b74a 100644
> --- a/kernel/liveupdate/kexec_handover.c
> +++ b/kernel/liveupdate/kexec_handover.c
> @@ -757,13 +757,18 @@ int kho_add_subtree(const char *name, void *fdt)
>  		goto out_pack;
>  	}
>  
> -	err = fdt_setprop(root_fdt, off, KHO_FDT_SUB_TREE_PROP_NAME,
> -			  &phys, sizeof(phys));
> -	if (err < 0)
> -		goto out_pack;
> +	fdt_err = fdt_setprop(root_fdt, off, KHO_FDT_SUB_TREE_PROP_NAME,
> +			      &phys, sizeof(phys));
> +	if (fdt_err < 0)
> +		goto out_del_node;
>  
>  	WARN_ON_ONCE(kho_debugfs_fdt_add(&kho_out.dbg, name, fdt, false));
>  
> +	err = 0;
> +	goto out_pack;
> +
> +out_del_node:
> +	fdt_del_node(root_fdt, off);
>  out_pack:
>  	fdt_pack(root_fdt);
>  
> -- 
> 2.53.0
> 

-- 
Sincerely yours,
Mike.