diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2013-03-14 09:23:11 -0400 |
|---|---|---|
| committer | David Woodhouse <David.Woodhouse@intel.com> | 2013-03-18 07:40:21 -0400 |
| commit | 63662139e519ce06090b2759cf4a1d291b9cc0e2 (patch) | |
| tree | 65fe475f0f13719da4f78a85d44116a5c23ba7d1 | |
| parent | fe9ab00f8354a4c388e30301859c5741590c3809 (diff) | |
params: Fix potential memory leak in add_sysfs_param()
On allocation failure, it would fail to free the old attrs array which
was no longer referenced by anything (since it would free the old
module_param_attrs struct on the way out).
Comment the suspicious-looking krealloc() usage to explain why it *isn't*
actually buggy, despite looking like a classic realloc() usage bug.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
| -rw-r--r-- | kernel/params.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/params.c b/kernel/params.c index ed35345be536..53b958fcd639 100644 --- a/kernel/params.c +++ b/kernel/params.c | |||
| @@ -613,10 +613,13 @@ static __modinit int add_sysfs_param(struct module_kobject *mk, | |||
| 613 | sizeof(*mk->mp) + sizeof(mk->mp->attrs[0]) * (num+1), | 613 | sizeof(*mk->mp) + sizeof(mk->mp->attrs[0]) * (num+1), |
| 614 | GFP_KERNEL); | 614 | GFP_KERNEL); |
| 615 | if (!new) { | 615 | if (!new) { |
| 616 | kfree(mk->mp); | 616 | kfree(attrs); |
| 617 | err = -ENOMEM; | 617 | err = -ENOMEM; |
| 618 | goto fail; | 618 | goto fail; |
| 619 | } | 619 | } |
| 620 | /* Despite looking like the typical realloc() bug, this is safe. | ||
| 621 | * We *want* the old 'attrs' to be freed either way, and we'll store | ||
| 622 | * the new one in the success case. */ | ||
| 620 | attrs = krealloc(attrs, sizeof(new->grp.attrs[0])*(num+2), GFP_KERNEL); | 623 | attrs = krealloc(attrs, sizeof(new->grp.attrs[0])*(num+2), GFP_KERNEL); |
| 621 | if (!attrs) { | 624 | if (!attrs) { |
| 622 | err = -ENOMEM; | 625 | err = -ENOMEM; |