params: Fix potential memory leak in add_sysfs_param()

On allocation failure, it would fail to free the old attrs array which was no longer referenced by anything (since it would free the old module_param_attrs struct on the way out). Comment the suspicious-looking krealloc() usage to explain why it *isn't* actually buggy, despite looking like a classic realloc() usage bug. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
author: David Woodhouse <David.Woodhouse@intel.com> 2013-03-14 13:23:11 +0000
committer: David Woodhouse <David.Woodhouse@intel.com> 2013-03-18 11:40:21 +0000
commit: 63662139e519ce06090b2759cf4a1d291b9cc0e2 (patch)
tree: 65fe475f0f13719da4f78a85d44116a5c23ba7d1 /kernel/params.c
parent: fe9ab00f8354a4c388e30301859c5741590c3809 (diff)
download: linux-63662139e519ce06090b2759cf4a1d291b9cc0e2.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/params.c b/kernel/params.c
index ed35345be536..53b958fcd639 100644
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -613,10 +613,13 @@ static __modinit int add_sysfs_param(struct module_kobject *mk,
 		       sizeof(*mk->mp) + sizeof(mk->mp->attrs[0]) * (num+1),
 		       GFP_KERNEL);
 	if (!new) {
-		kfree(mk->mp);
+		kfree(attrs);
 		err = -ENOMEM;
 		goto fail;
 	}
+	/* Despite looking like the typical realloc() bug, this is safe.
+	 * We *want* the old 'attrs' to be freed either way, and we'll store
+	 * the new one in the success case. */
 	attrs = krealloc(attrs, sizeof(new->grp.attrs[0])*(num+2), GFP_KERNEL);
 	if (!attrs) {
 		err = -ENOMEM;
author	David Woodhouse <David.Woodhouse@intel.com>	2013-03-14 13:23:11 +0000
committer	David Woodhouse <David.Woodhouse@intel.com>	2013-03-18 11:40:21 +0000
commit	63662139e519ce06090b2759cf4a1d291b9cc0e2 (patch)
tree	65fe475f0f13719da4f78a85d44116a5c23ba7d1 /kernel/params.c
parent	fe9ab00f8354a4c388e30301859c5741590c3809 (diff)
download	linux-63662139e519ce06090b2759cf4a1d291b9cc0e2.tar.gz