1 files changed, 88 insertions, 52 deletions
diff --git a/kernel/module.c b/kernel/module.c
index 3965511ae133..8426ad48362c 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -56,6 +56,7 @@
 #include <linux/async.h>
 #include <linux/percpu.h>
 #include <linux/kmemleak.h>
+#include <linux/kasan.h>
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
@@ -772,9 +773,18 @@ static int try_stop_module(struct module *mod, int flags, int *forced)
        return 0;
 }
-unsigned long module_refcount(struct module *mod)
+/**
+ * module_refcount - return the refcount or -1 if unloading
+ *
+ * @mod:        the module we're checking
+ *
+ * Returns:
+ *      -1 if the module is in the process of unloading
+ *      otherwise the number of references in the kernel to the module
+ */
+int module_refcount(struct module *mod)
 {
-        return (unsigned long)atomic_read(&mod->refcnt) - MODULE_REF_BASE;
+        return atomic_read(&mod->refcnt) - MODULE_REF_BASE;
 }
 EXPORT_SYMBOL(module_refcount);
@@ -856,7 +866,7 @@ static inline void print_unload_info(struct seq_file *m, struct module *mod)
        struct module_use *use;
        int printed_something = 0;
-        seq_printf(m, " %lu ", module_refcount(mod));
+        seq_printf(m, " %i ", module_refcount(mod));
        /*
         * Always include a trailing , so userspace can differentiate
@@ -908,7 +918,7 @@ EXPORT_SYMBOL_GPL(symbol_put_addr);
 static ssize_t show_refcnt(struct module_attribute *mattr,
                           struct module_kobject *mk, char *buffer)
 {
-        return sprintf(buffer, "%lu\n", module_refcount(mk->mod));
+        return sprintf(buffer, "%i\n", module_refcount(mk->mod));
 }
 static struct module_attribute modinfo_refcnt =
@@ -1216,6 +1226,12 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
        const unsigned long *crc;
        int err;
+        /*
+         * The module_mutex should not be a heavily contended lock;
+         * if we get the occasional sleep here, we'll go an extra iteration
+         * in the wait_event_interruptible(), which is harmless.
+         */
+        sched_annotate_sleep();
        mutex_lock(&module_mutex);
        sym = find_symbol(name, &owner, &crc,
                          !(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
@@ -1795,15 +1811,20 @@ static void unset_module_core_ro_nx(struct module *mod) { }
 static void unset_module_init_ro_nx(struct module *mod) { }
 #endif
-void __weak module_free(struct module *mod, void *module_region)
+void __weak module_memfree(void *module_region)
 {
        vfree(module_region);
+        kasan_module_free(module_region);
 }
 void __weak module_arch_cleanup(struct module *mod)
 {
 }
+void __weak module_arch_freeing_init(struct module *mod)
+{
+}
 /* Free a module, remove from lists, etc. */
 static void free_module(struct module *mod)
 {
@@ -1841,7 +1862,8 @@ static void free_module(struct module *mod)
        /* This may be NULL, but that's OK */
        unset_module_init_ro_nx(mod);
-        module_free(mod, mod->module_init);
+        module_arch_freeing_init(mod);
+        module_memfree(mod->module_init);
        kfree(mod->args);
        percpu_modfree(mod);
@@ -1850,7 +1872,7 @@ static void free_module(struct module *mod)
        /* Finally, free the core (containing the module structure) */
        unset_module_core_ro_nx(mod);
-        module_free(mod, mod->module_core);
+        module_memfree(mod->module_core);
 #ifdef CONFIG_MPU
        update_protections(current->mm);
@@ -2785,7 +2807,7 @@ static int move_module(struct module *mod, struct load_info *info)
                 */
                kmemleak_ignore(ptr);
                if (!ptr) {
-                        module_free(mod, mod->module_core);
+                        module_memfree(mod->module_core);
                        return -ENOMEM;
                }
                memset(ptr, 0, mod->init_size);
@@ -2930,8 +2952,9 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
 static void module_deallocate(struct module *mod, struct load_info *info)
 {
        percpu_modfree(mod);
-        module_free(mod, mod->module_init);
+        module_arch_freeing_init(mod);
-        module_free(mod, mod->module_core);
+        module_memfree(mod->module_init);
+        module_memfree(mod->module_core);
 }
 int __weak module_finalize(const Elf_Ehdr *hdr,
@@ -2963,6 +2986,12 @@ static bool finished_loading(const char *name)
        struct module *mod;
        bool ret;
+        /*
+         * The module_mutex should not be a heavily contended lock;
+         * if we get the occasional sleep here, we'll go an extra iteration
+         * in the wait_event_interruptible(), which is harmless.
+         */
+        sched_annotate_sleep();
        mutex_lock(&module_mutex);
        mod = find_module_all(name, strlen(name), true);
        ret = !mod || mod->state == MODULE_STATE_LIVE
@@ -2983,10 +3012,31 @@ static void do_mod_ctors(struct module *mod)
 #endif
 }
+/* For freeing module_init on success, in case kallsyms traversing */
+struct mod_initfree {
+        struct rcu_head rcu;
+        void *module_init;
+};
+static void do_free_init(struct rcu_head *head)
+{
+        struct mod_initfree *m = container_of(head, struct mod_initfree, rcu);
+        module_memfree(m->module_init);
+        kfree(m);
+}
 /* This is where the real work happens */
 static int do_init_module(struct module *mod)
 {
        int ret = 0;
+        struct mod_initfree *freeinit;
+        freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL);
+        if (!freeinit) {
+                ret = -ENOMEM;
+                goto fail;
+        }
+        freeinit->module_init = mod->module_init;
        /*
         * We want to find out whether @mod uses async during init.  Clear
@@ -2999,18 +3049,7 @@ static int do_init_module(struct module *mod)
        if (mod->init != NULL)
                ret = do_one_initcall(mod->init);
        if (ret < 0) {
-                /*
+                goto fail_free_freeinit;
-                 * Init routine failed: abort.  Try to protect us from
-                 * buggy refcounters.
-                 */
-                mod->state = MODULE_STATE_GOING;
-                synchronize_sched();
-                module_put(mod);
-                blocking_notifier_call_chain(&module_notify_list,
-                                             MODULE_STATE_GOING, mod);
-                free_module(mod);
-                wake_up_all(&module_wq);
-                return ret;
        }
        if (ret > 0) {
                pr_warn("%s: '%s'->init suspiciously returned %d, it should "
@@ -3055,15 +3094,35 @@ static int do_init_module(struct module *mod)
        mod->strtab = mod->core_strtab;
 #endif
        unset_module_init_ro_nx(mod);
-        module_free(mod, mod->module_init);
+        module_arch_freeing_init(mod);
        mod->module_init = NULL;
        mod->init_size = 0;
        mod->init_ro_size = 0;
        mod->init_text_size = 0;
+        /*
+         * We want to free module_init, but be aware that kallsyms may be
+         * walking this with preempt disabled.  In all the failure paths,
+         * we call synchronize_rcu/synchronize_sched, but we don't want
+         * to slow down the success path, so use actual RCU here.
+         */
+        call_rcu(&freeinit->rcu, do_free_init);
        mutex_unlock(&module_mutex);
        wake_up_all(&module_wq);
        return 0;
+fail_free_freeinit:
+        kfree(freeinit);
+fail:
+        /* Try to protect us from buggy refcounters. */
+        mod->state = MODULE_STATE_GOING;
+        synchronize_sched();
+        module_put(mod);
+        blocking_notifier_call_chain(&module_notify_list,
+                                     MODULE_STATE_GOING, mod);
+        free_module(mod);
+        wake_up_all(&module_wq);
+        return ret;
 }
 static int may_init_module(void)
@@ -3075,32 +3134,6 @@ static int may_init_module(void)
 }
 /*
- * Can't use wait_event_interruptible() because our condition
- * 'finished_loading()' contains a blocking primitive itself (mutex_lock).
- */
-static int wait_finished_loading(struct module *mod)
-{
-        DEFINE_WAIT_FUNC(wait, woken_wake_function);
-        int ret = 0;
-        add_wait_queue(&module_wq, &wait);
-        for (;;) {
-                if (finished_loading(mod->name))
-                        break;
-                if (signal_pending(current)) {
-                        ret = -ERESTARTSYS;
-                        break;
-                }
-                wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
-        }
-        remove_wait_queue(&module_wq, &wait);
-        return ret;
-}
-/*
 * We try to place it in the list now to make sure it's unique before
 * we dedicate too many resources.  In particular, temporary percpu
 * memory exhaustion.
@@ -3120,8 +3153,8 @@ again:
                    || old->state == MODULE_STATE_UNFORMED) {
                        /* Wait in case it fails to load. */
                        mutex_unlock(&module_mutex);
+                        err = wait_event_interruptible(module_wq,
-                        err = wait_finished_loading(mod);
+                                               finished_loading(mod->name));
                        if (err)
                                goto out_unlocked;
                        goto again;
@@ -3220,7 +3253,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
        mod->sig_ok = info->sig_ok;
        if (!mod->sig_ok) {
                pr_notice_once("%s: module verification failed: signature "
-                               "and/or  required key missing - tainting "
+                               "and/or required key missing - tainting "
                               "kernel\n", mod->name);
                add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
        }
@@ -3311,6 +3344,9 @@ static int load_module(struct load_info *info, const char __user *uargs,
        module_bug_cleanup(mod);
        mutex_unlock(&module_mutex);
+        /* Free lock-classes: */
+        lockdep_free_key_range(mod->module_core, mod->core_size);
        /* we can't deallocate the module until we clear memory protection */
        unset_module_init_ro_nx(mod);
        unset_module_core_ro_nx(mod);

diff --git a/kernel/module.c b/kernel/module.c index 3965511ae133..8426ad48362c 100644 --- a/kernel/module.c +++ b/kernel/module.c
@@ -56,6 +56,7 @@
56	#include <linux/async.h>	56	#include <linux/async.h>
57	#include <linux/percpu.h>	57	#include <linux/percpu.h>
58	#include <linux/kmemleak.h>	58	#include <linux/kmemleak.h>
		59	#include <linux/kasan.h>
59	#include <linux/jump_label.h>	60	#include <linux/jump_label.h>
60	#include <linux/pfn.h>	61	#include <linux/pfn.h>
61	#include <linux/bsearch.h>	62	#include <linux/bsearch.h>
@@ -772,9 +773,18 @@ static int try_stop_module(struct module mod, int flags, int forced)
772	return 0;	773	return 0;
773	}	774	}
774		775
775	unsigned long module_refcount(struct module *mod)	776	/**
		777	* module_refcount - return the refcount or -1 if unloading
		778	*
		779	* @mod: the module we're checking
		780	*
		781	* Returns:
		782	* -1 if the module is in the process of unloading
		783	* otherwise the number of references in the kernel to the module
		784	*/
		785	int module_refcount(struct module *mod)
776	{	786	{
777	return (unsigned long)atomic_read(&mod->refcnt) - MODULE_REF_BASE;	787	return atomic_read(&mod->refcnt) - MODULE_REF_BASE;
778	}	788	}
779	EXPORT_SYMBOL(module_refcount);	789	EXPORT_SYMBOL(module_refcount);
780		790
@@ -856,7 +866,7 @@ static inline void print_unload_info(struct seq_file m, struct module mod)
856	struct module_use *use;	866	struct module_use *use;
857	int printed_something = 0;	867	int printed_something = 0;
858		868
859	seq_printf(m, " %lu ", module_refcount(mod));	869	seq_printf(m, " %i ", module_refcount(mod));
860		870
861	/*	871	/*
862	* Always include a trailing , so userspace can differentiate	872	* Always include a trailing , so userspace can differentiate
@@ -908,7 +918,7 @@ EXPORT_SYMBOL_GPL(symbol_put_addr);
908	static ssize_t show_refcnt(struct module_attribute *mattr,	918	static ssize_t show_refcnt(struct module_attribute *mattr,
909	struct module_kobject mk, char buffer)	919	struct module_kobject mk, char buffer)
910	{	920	{
911	return sprintf(buffer, "%lu\n", module_refcount(mk->mod));	921	return sprintf(buffer, "%i\n", module_refcount(mk->mod));
912	}	922	}
913		923
914	static struct module_attribute modinfo_refcnt =	924	static struct module_attribute modinfo_refcnt =
@@ -1216,6 +1226,12 @@ static const struct kernel_symbol resolve_symbol(struct module mod,
1216	const unsigned long *crc;	1226	const unsigned long *crc;
1217	int err;	1227	int err;
1218		1228
		1229	/*
		1230	* The module_mutex should not be a heavily contended lock;
		1231	* if we get the occasional sleep here, we'll go an extra iteration
		1232	* in the wait_event_interruptible(), which is harmless.
		1233	*/
		1234	sched_annotate_sleep();
1219	mutex_lock(&module_mutex);	1235	mutex_lock(&module_mutex);
1220	sym = find_symbol(name, &owner, &crc,	1236	sym = find_symbol(name, &owner, &crc,
1221	!(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);	1237	!(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)), true);
@@ -1795,15 +1811,20 @@ static void unset_module_core_ro_nx(struct module *mod) { }
1795	static void unset_module_init_ro_nx(struct module *mod) { }	1811	static void unset_module_init_ro_nx(struct module *mod) { }
1796	#endif	1812	#endif
1797		1813
1798	void __weak module_free(struct module mod, void module_region)	1814	void __weak module_memfree(void *module_region)
1799	{	1815	{
1800	vfree(module_region);	1816	vfree(module_region);
		1817	kasan_module_free(module_region);
1801	}	1818	}
1802		1819
1803	void __weak module_arch_cleanup(struct module *mod)	1820	void __weak module_arch_cleanup(struct module *mod)
1804	{	1821	{
1805	}	1822	}
1806		1823
		1824	void __weak module_arch_freeing_init(struct module *mod)
		1825	{
		1826	}
		1827
1807	/* Free a module, remove from lists, etc. */	1828	/* Free a module, remove from lists, etc. */
1808	static void free_module(struct module *mod)	1829	static void free_module(struct module *mod)
1809	{	1830	{
@@ -1841,7 +1862,8 @@ static void free_module(struct module *mod)
1841		1862
1842	/* This may be NULL, but that's OK */	1863	/* This may be NULL, but that's OK */
1843	unset_module_init_ro_nx(mod);	1864	unset_module_init_ro_nx(mod);
1844	module_free(mod, mod->module_init);	1865	module_arch_freeing_init(mod);
		1866	module_memfree(mod->module_init);
1845	kfree(mod->args);	1867	kfree(mod->args);
1846	percpu_modfree(mod);	1868	percpu_modfree(mod);
1847		1869
@@ -1850,7 +1872,7 @@ static void free_module(struct module *mod)
1850		1872
1851	/* Finally, free the core (containing the module structure) */	1873	/* Finally, free the core (containing the module structure) */
1852	unset_module_core_ro_nx(mod);	1874	unset_module_core_ro_nx(mod);
1853	module_free(mod, mod->module_core);	1875	module_memfree(mod->module_core);
1854		1876
1855	#ifdef CONFIG_MPU	1877	#ifdef CONFIG_MPU
1856	update_protections(current->mm);	1878	update_protections(current->mm);
@@ -2785,7 +2807,7 @@ static int move_module(struct module mod, struct load_info info)
2785	*/	2807	*/
2786	kmemleak_ignore(ptr);	2808	kmemleak_ignore(ptr);
2787	if (!ptr) {	2809	if (!ptr) {
2788	module_free(mod, mod->module_core);	2810	module_memfree(mod->module_core);
2789	return -ENOMEM;	2811	return -ENOMEM;
2790	}	2812	}
2791	memset(ptr, 0, mod->init_size);	2813	memset(ptr, 0, mod->init_size);
@@ -2930,8 +2952,9 @@ static struct module layout_and_allocate(struct load_info info, int flags)
2930	static void module_deallocate(struct module mod, struct load_info info)	2952	static void module_deallocate(struct module mod, struct load_info info)
2931	{	2953	{
2932	percpu_modfree(mod);	2954	percpu_modfree(mod);
2933	module_free(mod, mod->module_init);	2955	module_arch_freeing_init(mod);
2934	module_free(mod, mod->module_core);	2956	module_memfree(mod->module_init);
		2957	module_memfree(mod->module_core);
2935	}	2958	}
2936		2959
2937	int __weak module_finalize(const Elf_Ehdr *hdr,	2960	int __weak module_finalize(const Elf_Ehdr *hdr,
@@ -2963,6 +2986,12 @@ static bool finished_loading(const char *name)
2963	struct module *mod;	2986	struct module *mod;
2964	bool ret;	2987	bool ret;
2965		2988
		2989	/*
		2990	* The module_mutex should not be a heavily contended lock;
		2991	* if we get the occasional sleep here, we'll go an extra iteration
		2992	* in the wait_event_interruptible(), which is harmless.
		2993	*/
		2994	sched_annotate_sleep();
2966	mutex_lock(&module_mutex);	2995	mutex_lock(&module_mutex);
2967	mod = find_module_all(name, strlen(name), true);	2996	mod = find_module_all(name, strlen(name), true);
2968	ret = !mod \|\| mod->state == MODULE_STATE_LIVE	2997	ret = !mod \|\| mod->state == MODULE_STATE_LIVE
@@ -2983,10 +3012,31 @@ static void do_mod_ctors(struct module *mod)
2983	#endif	3012	#endif
2984	}	3013	}
2985		3014
		3015	/* For freeing module_init on success, in case kallsyms traversing */
		3016	struct mod_initfree {
		3017	struct rcu_head rcu;
		3018	void *module_init;
		3019	};
		3020
		3021	static void do_free_init(struct rcu_head *head)
		3022	{
		3023	struct mod_initfree *m = container_of(head, struct mod_initfree, rcu);
		3024	module_memfree(m->module_init);
		3025	kfree(m);
		3026	}
		3027
2986	/* This is where the real work happens */	3028	/* This is where the real work happens */
2987	static int do_init_module(struct module *mod)	3029	static int do_init_module(struct module *mod)
2988	{	3030	{
2989	int ret = 0;	3031	int ret = 0;
		3032	struct mod_initfree *freeinit;
		3033
		3034	freeinit = kmalloc(sizeof(*freeinit), GFP_KERNEL);
		3035	if (!freeinit) {
		3036	ret = -ENOMEM;
		3037	goto fail;
		3038	}
		3039	freeinit->module_init = mod->module_init;
2990		3040
2991	/*	3041	/*
2992	* We want to find out whether @mod uses async during init. Clear	3042	* We want to find out whether @mod uses async during init. Clear
@@ -2999,18 +3049,7 @@ static int do_init_module(struct module *mod)
2999	if (mod->init != NULL)	3049	if (mod->init != NULL)
3000	ret = do_one_initcall(mod->init);	3050	ret = do_one_initcall(mod->init);
3001	if (ret < 0) {	3051	if (ret < 0) {
3002	/*	3052	goto fail_free_freeinit;
3003	* Init routine failed: abort. Try to protect us from
3004	* buggy refcounters.
3005	*/
3006	mod->state = MODULE_STATE_GOING;
3007	synchronize_sched();
3008	module_put(mod);
3009	blocking_notifier_call_chain(&module_notify_list,
3010	MODULE_STATE_GOING, mod);
3011	free_module(mod);
3012	wake_up_all(&module_wq);
3013	return ret;
3014	}	3053	}
3015	if (ret > 0) {	3054	if (ret > 0) {
3016	pr_warn("%s: '%s'->init suspiciously returned %d, it should "	3055	pr_warn("%s: '%s'->init suspiciously returned %d, it should "
@@ -3055,15 +3094,35 @@ static int do_init_module(struct module *mod)
3055	mod->strtab = mod->core_strtab;	3094	mod->strtab = mod->core_strtab;
3056	#endif	3095	#endif
3057	unset_module_init_ro_nx(mod);	3096	unset_module_init_ro_nx(mod);
3058	module_free(mod, mod->module_init);	3097	module_arch_freeing_init(mod);
3059	mod->module_init = NULL;	3098	mod->module_init = NULL;
3060	mod->init_size = 0;	3099	mod->init_size = 0;
3061	mod->init_ro_size = 0;	3100	mod->init_ro_size = 0;
3062	mod->init_text_size = 0;	3101	mod->init_text_size = 0;
		3102	/*
		3103	* We want to free module_init, but be aware that kallsyms may be
		3104	* walking this with preempt disabled. In all the failure paths,
		3105	* we call synchronize_rcu/synchronize_sched, but we don't want
		3106	* to slow down the success path, so use actual RCU here.
		3107	*/
		3108	call_rcu(&freeinit->rcu, do_free_init);
3063	mutex_unlock(&module_mutex);	3109	mutex_unlock(&module_mutex);
3064	wake_up_all(&module_wq);	3110	wake_up_all(&module_wq);
3065		3111
3066	return 0;	3112	return 0;
		3113
		3114	fail_free_freeinit:
		3115	kfree(freeinit);
		3116	fail:
		3117	/* Try to protect us from buggy refcounters. */
		3118	mod->state = MODULE_STATE_GOING;
		3119	synchronize_sched();
		3120	module_put(mod);
		3121	blocking_notifier_call_chain(&module_notify_list,
		3122	MODULE_STATE_GOING, mod);
		3123	free_module(mod);
		3124	wake_up_all(&module_wq);
		3125	return ret;
3067	}	3126	}
3068		3127
3069	static int may_init_module(void)	3128	static int may_init_module(void)
@@ -3075,32 +3134,6 @@ static int may_init_module(void)
3075	}	3134	}
3076		3135
3077	/*	3136	/*
3078	* Can't use wait_event_interruptible() because our condition
3079	* 'finished_loading()' contains a blocking primitive itself (mutex_lock).
3080	*/
3081	static int wait_finished_loading(struct module *mod)
3082	{
3083	DEFINE_WAIT_FUNC(wait, woken_wake_function);
3084	int ret = 0;
3085
3086	add_wait_queue(&module_wq, &wait);
3087	for (;;) {
3088	if (finished_loading(mod->name))
3089	break;
3090
3091	if (signal_pending(current)) {
3092	ret = -ERESTARTSYS;
3093	break;
3094	}
3095
3096	wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
3097	}
3098	remove_wait_queue(&module_wq, &wait);
3099
3100	return ret;
3101	}
3102
3103	/*
3104	* We try to place it in the list now to make sure it's unique before	3137	* We try to place it in the list now to make sure it's unique before
3105	* we dedicate too many resources. In particular, temporary percpu	3138	* we dedicate too many resources. In particular, temporary percpu
3106	* memory exhaustion.	3139	* memory exhaustion.
@@ -3120,8 +3153,8 @@ again:
3120	\|\| old->state == MODULE_STATE_UNFORMED) {	3153	\|\| old->state == MODULE_STATE_UNFORMED) {
3121	/* Wait in case it fails to load. */	3154	/* Wait in case it fails to load. */
3122	mutex_unlock(&module_mutex);	3155	mutex_unlock(&module_mutex);
3123		3156	err = wait_event_interruptible(module_wq,
3124	err = wait_finished_loading(mod);	3157	finished_loading(mod->name));
3125	if (err)	3158	if (err)
3126	goto out_unlocked;	3159	goto out_unlocked;
3127	goto again;	3160	goto again;
@@ -3220,7 +3253,7 @@ static int load_module(struct load_info info, const char __user uargs,
3220	mod->sig_ok = info->sig_ok;	3253	mod->sig_ok = info->sig_ok;
3221	if (!mod->sig_ok) {	3254	if (!mod->sig_ok) {
3222	pr_notice_once("%s: module verification failed: signature "	3255	pr_notice_once("%s: module verification failed: signature "
3223	"and/or required key missing - tainting "	3256	"and/or required key missing - tainting "
3224	"kernel\n", mod->name);	3257	"kernel\n", mod->name);
3225	add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);	3258	add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
3226	}	3259	}
@@ -3311,6 +3344,9 @@ static int load_module(struct load_info info, const char __user uargs,
3311	module_bug_cleanup(mod);	3344	module_bug_cleanup(mod);
3312	mutex_unlock(&module_mutex);	3345	mutex_unlock(&module_mutex);
3313		3346
		3347	/* Free lock-classes: */
		3348	lockdep_free_key_range(mod->module_core, mod->core_size);
		3349
3314	/* we can't deallocate the module until we clear memory protection */	3350	/* we can't deallocate the module until we clear memory protection */
3315	unset_module_init_ro_nx(mod);	3351	unset_module_init_ro_nx(mod);
3316	unset_module_core_ro_nx(mod);	3352	unset_module_core_ro_nx(mod);