MIPS: Fix memory leak in error path of HI16/LO16 relocation handling.

Commit 6f5d2e970452b5c86906adcb8e7ad246f535ba39 (lmo) /
477c4b07406357ad93d0e32788dbf3ee814eadaa (kernel.org) [[MIPS: VPE: Free
relocation chain on error.] fixed the same issue in the vpe loader in 2009
but back then the same bug in module.c went unfixed.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Reported-by: Akhilesh Kumar <akhilesh.lxr@gmail.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/arch/mips/kernel/module.c b/arch/mips/kernel/module.c
index a5066b1c3de3..e5f2f56524ea 100644
--- a/arch/mips/kernel/module.c
+++ b/arch/mips/kernel/module.c
@@ -146,16 +146,15 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v)
 {
         unsigned long insnlo = *location;
         Elf_Addr val, vallo;
+        struct mips_hi16 *l, *next;
 
         /* Sign extend the addend we extract from the lo insn.  */
         vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000;
 
         if (mips_hi16_list != NULL) {
-                struct mips_hi16 *l;
 
                 l = mips_hi16_list;
                 while (l != NULL) {
-                        struct mips_hi16 *next;
                         unsigned long insn;
 
                         /*
@@ -201,6 +200,12 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v)
         return 0;
 
 out_danger:
+        while (l) {
+                next = l->next;
+                kfree(l);
+                l = next;
+        }
+
         pr_err("module %s: dangerous R_MIPS_LO16 REL relocation\n", me->name);
 
         return -ENOEXEC;