git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Josh Law <objecting@objecting.org>
	Wed, 18 Mar 2026 23:43:05 +0000 (08:43 +0900)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 25 Mar 2026 10:08:57 +0000 (11:08 +0100)
commit	21156d04549d5da2830165fe2ce6a8d8ba53981b
tree	7d227eb318c1d07a7a84fa9756fe02e4aff00f14	tree \| snapshot
parent	1db7e11a2e2b98899e5c85da65ebf3de3a3c5048	commit \| diff

lib/bootconfig: check xbc_init_node() return in override path

[ Upstream commit bb288d7d869e86d382f35a0e26242c5ccb05ca82 ]

The ':=' override path in xbc_parse_kv() calls xbc_init_node() to
re-initialize an existing value node but does not check the return
value. If xbc_init_node() fails (data offset out of range), parsing
silently continues with stale node data.

Add the missing error check to match the xbc_add_node() call path
which already checks for failure.

In practice, a bootconfig using ':=' to override a value near the
32KB data limit could silently retain the old value, meaning a
security-relevant boot parameter override (e.g., a trace filter or
debug setting) would not take effect as intended.

Link: https://lore.kernel.org/all/20260318155847.78065-2-objecting@objecting.org/
Fixes: e5efaeb8a8f5 ("bootconfig: Support mixing a value and subkeys under a key")
Signed-off-by: Josh Law <objecting@objecting.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>