MIPS: Fix memory leak in error path of HI16/LO16 relocation handling.

Commit 6f5d2e970452b5c86906adcb8e7ad246f535ba39 (lmo) / 477c4b07 (kernel.org) [[MIPS: VPE: Free relocation chain on error.] fixed the same issue in the vpe loader in 2009 but back then the same bug in module.c went unfixed. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Reported-by: Akhilesh Kumar <akhilesh.lxr@gmail.com>

MIPS: Fix memory leak in error path of HI16/LO16 relocation handling.
Commit 6f5d2e970452b5c86906adcb8e7ad246f535ba39 (lmo) / 477c4b07 (kernel.org) [[MIPS: VPE: Free relocation chain on error.] fixed the same issue in the vpe loader in 2009 but back then the same bug in module.c went unfixed. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Reported-by: Akhilesh Kumar <akhilesh.lxr@gmail.com>
d3cac35c · Ralf Baechle · 143ec74e · d3cac35c
Commit d3cac35c authored Aug 08, 2012 by Ralf Baechle
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

arch/mips/kernel/module.c arch/mips/kernel/module.c +7 -2

No files found.
--- a/arch/mips/kernel/module.c
+++ b/arch/mips/kernel/module.c
@@ -146,16 +146,15 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v)
 {
 	unsigned long insnlo = *location;
 	Elf_Addr val, vallo;
+	struct mips_hi16 *l, *next;
 	/* Sign extend the addend we extract from the lo insn.  */
 	vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000;
 	if (mips_hi16_list != NULL) {
-		struct mips_hi16 *l;
 		l = mips_hi16_list;
 		while (l != NULL) {
-			struct mips_hi16 *next;
 			unsigned long insn;
 			/*
@@ -201,6 +200,12 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v)
 	return 0;
 out_danger:
+	while (l) {
+		next = l->next;
+		kfree(l);
+		l = next;
+	}
 	pr_err("module %s: dangerous R_MIPS_LO16 REL relocation\n", me->name);
 	return -ENOEXEC;