Re: [PATCH v2] kho: fix error handling in kho_add_subtree()

[Pratyush Yadav]

On Fri, Apr 10 2026, Breno Leitao wrote:

> Fix two error handling issues in kho_add_subtree(), where it doesn't
> handle the error path correctly.
>
> 1. If fdt_setprop() fails after the subnode has been created, the
>    subnode is not removed. This leaves an incomplete node in the FDT
>    (missing "preserved-data" or "blob-size" properties).
>
> 2. The fdt_setprop() return value (an FDT error code) is stored
>    directly in err and returned to the caller, which expects -errno.
>
> Fix both by storing fdt_setprop() results in fdt_err, jumping to a new
> out_del_node label that removes the subnode on failure, and only setting
> err = 0 on the success path, otherwise returning -ENOMEM (instead of
> FDT_ERR_ errors that would come from fdt_setprop).
>
> No user-visible changes. This patch fixes error handling in the KHO
> (Kexec HandOver) subsystem, which is used to preserve data across kexec
> reboots. The fix only affects a rare failure path during kexec
> preparation — specifically when the kernel runs out of space in the
> Flattened Device Tree buffer while registering preserved memory regions.
>
> In the unlikely event that this error path was triggered, the old code
> would leave a malformed node in the device tree and return an incorrect
> error code to the calling subsystem, which could lead to confusing log
> messages or incorrect recovery decisions. With this fix, the incomplete
> node is properly cleaned up and the appropriate errno value is
> propagated, this error code is not returned to the user.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 3dc92c311498 ("kexec: add Kexec HandOver (KHO) generation helpers")
> Suggested-by: Pratyush Yadav <pratyush@xxxxxxxxxx>
> Reviewed-by: Mike Rapoport (Microsoft) <rppt@xxxxxxxxxx>
> Signed-off-by: Breno Leitao <leitao@xxxxxxxxxx>

Reviewed-by: Pratyush Yadav <pratyush@xxxxxxxxxx>

[...]

-- 
Regards,
Pratyush Yadav