Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3cac35c authored by Ralf Baechle's avatar Ralf Baechle
Browse files

MIPS: Fix memory leak in error path of HI16/LO16 relocation handling. 



Commit 6f5d2e970452b5c86906adcb8e7ad246f535ba39 (lmo) /
477c4b07 (kernel.org) [[MIPS: VPE: Free
relocation chain on error.] fixed the same issue in the vpe loader in 2009
but back then the same bug in module.c went unfixed.

Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
Reported-by: default avatarAkhilesh Kumar <akhilesh.lxr@gmail.com>
parent 143ec74e

arch/mips/kernel/module.c

+7 −2
Original line number Diff line number Diff line
@@ -146,16 +146,15 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v) 
{

	unsigned long insnlo = *location;

	Elf_Addr val, vallo;

	struct mips_hi16 *l, *next;



	/* Sign extend the addend we extract from the lo insn.  */

	vallo = ((insnlo & 0xffff) ^ 0x8000) - 0x8000;



	if (mips_hi16_list != NULL) {

		struct mips_hi16 *l;



		l = mips_hi16_list;

		while (l != NULL) {

			struct mips_hi16 *next;

			unsigned long insn;



			/*
@@ -201,6 +200,12 @@ static int apply_r_mips_lo16_rel(struct module *me, u32 *location, Elf_Addr v) 
	return 0;



out_danger:

	while (l) {

		next = l->next;

		kfree(l);

		l = next;

	}



	pr_err("module %s: dangerous R_MIPS_LO16 REL relocation\n", me->name);



	return -ENOEXEC;