From d3cac35cd0a2a987f7559e1829fb0253cea33872 Mon Sep 17 00:00:00 2001 From: Ralf Baechle Date: Wed, 8 Aug 2012 14:57:03 +0200 Subject: [PATCH] MIPS: Fix memory leak in error path of HI16/LO16 relocation handling. Commit 6f5d2e970452b5c86906adcb8e7ad246f535ba39 (lmo) / 477c4b07406357ad93d0e32788dbf3ee814eadaa (kernel.org) [[MIPS: VPE: Free relocation chain on error.] fixed the same issue in the vpe loader in 2009 but back then the same bug in module.c went unfixed. Signed-off-by: Ralf Baechle Reported-by: Akhilesh Kumar --- arch/mips/kernel/module.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/mips/kernel/module.c b/arch/mips/kernel/module.c index a5066b1c3de3..e5f2f56524ea 100644 --- a/arch/mips/kernel/module.c +++ b/arch/mips/kernel/module.c @@ -146,16 +146,15 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v) { unsigned long insnlo = *location; Elf_Addr val, vallo; + struct mips_hi16 *l, *next; /* Sign extend the addend we extract from the lo insn. */ vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000; if (mips_hi16_list != NULL) { - struct mips_hi16 *l; l = mips_hi16_list; while (l != NULL) { - struct mips_hi16 *next; unsigned long insn; /* @@ -201,6 +200,12 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v) return 0; out_danger: + while (l) { + next = l->next; + kfree(l); + l = next; + } + pr_err("module %s: dangerous R_MIPS_LO16 REL relocation\n", me->name); return -ENOEXEC; -- 2.20.1