param: fix charp parameters set via sysfs

Impact: fix crash on reading from /sys/module/.../ieee80211_default_rc_algo The module_param type "charp" simply sets a char * pointer in the module to the parameter in the commandline string: this is why we keep the (mangled) module command line around. But when set via sysfs (as about 11 charp parameters can be) this memory is freed on the way out of the write(). Future reads hit random mem. So we kstrdup instead: we have to check we're not in early commandline parsing, and we have to note when we've used it so we can reliably kfree the parameter when it's next overwritten, and also on module unload. (Thanks to Randy Dunlap for CONFIG_SYSFS=n fixes) Reported-by: Sitsofe Wheeler <sitsofe@yahoo.com> Diagnosed-by: Frederic Weisbecker <fweisbec@gmail.com> Tested-by: Frederic Weisbecker <fweisbec@gmail.com> Tested-by: Christof Schmitt <christof.schmitt@de.ibm.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
author: Rusty Russell <rusty@rustcorp.com.au> 2009-03-31 15:05:29 -0400
committer: Rusty Russell <rusty@rustcorp.com.au> 2009-03-30 22:35:30 -0400
commit: e180a6b7759a99a28cbcce3547c4c80822cb6c2a (patch)
tree: d52b950935f3192d13bdd4ad9377b39bab21325e /kernel/module.c
parent: 15f7176eb1cccec0a332541285ee752b935c1c85 (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/kernel/module.c b/kernel/module.c
index f77ac320d0b5..b862fdb6a372 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1491,6 +1491,9 @@ static void free_module(struct module *mod)
        /* Module unload stuff */
        module_unload_free(mod);
+        /* Free any allocated parameters. */
+        destroy_params(mod->kp, mod->num_kp);
        /* release any pointers to mcount in this module */
        ftrace_release(mod->module_core, mod->core_size);
@@ -1898,8 +1901,7 @@ static noinline struct module *load_module(void __user *umod,
        unsigned int symindex = 0;
        unsigned int strindex = 0;
        unsigned int modindex, versindex, infoindex, pcpuindex;
-        unsigned int num_kp, num_mcount;
+        unsigned int num_mcount;
-        struct kernel_param *kp;
        struct module *mod;
        long err = 0;
        void *percpu = NULL, *ptr = NULL; /* Stops spurious gcc warning */
@@ -2144,8 +2146,8 @@ static noinline struct module *load_module(void __user *umod,
        /* Now we've got everything in the final locations, we can
         * find optional sections. */
-        kp = section_objs(hdr, sechdrs, secstrings, "__param", sizeof(*kp),
+        mod->kp = section_objs(hdr, sechdrs, secstrings, "__param",
-                          &num_kp);
+                               sizeof(*mod->kp), &mod->num_kp);
        mod->syms = section_objs(hdr, sechdrs, secstrings, "__ksymtab",
                                 sizeof(*mod->syms), &mod->num_syms);
        mod->crcs = section_addr(hdr, sechdrs, secstrings, "__kcrctab");
@@ -2291,11 +2293,11 @@ static noinline struct module *load_module(void __user *umod,
         */
        list_add_rcu(&mod->list, &modules);
-        err = parse_args(mod->name, mod->args, kp, num_kp, NULL);
+        err = parse_args(mod->name, mod->args, mod->kp, mod->num_kp, NULL);
        if (err < 0)
                goto unlink;
-        err = mod_sysfs_setup(mod, kp, num_kp);
+        err = mod_sysfs_setup(mod, mod->kp, mod->num_kp);
        if (err < 0)
                goto unlink;
        add_sect_attrs(mod, hdr->e_shnum, secstrings, sechdrs);
author	Rusty Russell <rusty@rustcorp.com.au>	2009-03-31 15:05:29 -0400
committer	Rusty Russell <rusty@rustcorp.com.au>	2009-03-30 22:35:30 -0400
commit	e180a6b7759a99a28cbcce3547c4c80822cb6c2a (patch)
tree	d52b950935f3192d13bdd4ad9377b39bab21325e /kernel/module.c
parent	15f7176eb1cccec0a332541285ee752b935c1c85 (diff)