Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
riscv: Fix memory leak in module_frob_arch_sections()

The current code directly overwrites the scratch pointer with the
return value of kvrealloc(). If kvrealloc() fails and returns NULL,
the original buffer becomes unreachable, causing a memory leak.

Fix this by using a temporary variable to store kvrealloc()'s return
value and only update the scratch pointer on success.

Found via static analysis and this is similar to commit 42378a9ca553
("bpf, verifier: Fix memory leak in array reallocation for stack state")

Fixes: be17c0df6795 ("riscv: module: Optimize PLT/GOT entry counting")
Cc: stable@vger.kernel.org
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20251026091912.39727-1-linmq006@gmail.com
Signed-off-by: Paul Walmsley <pjw@kernel.org>

Authored by Miaoqian Lin and committed by Paul Walmsley
c42458fc a74f038f

+6 -2
arch/riscv/kernel/module-sections.c
··· 119 119 unsigned int num_plts = 0; 120 120 unsigned int num_gots = 0; 121 121 Elf_Rela *scratch = NULL; 122 + Elf_Rela *new_scratch; 122 123 size_t scratch_size = 0; 123 124 int i; 124 125 ··· 169 168 scratch_size_needed = (num_scratch_relas + num_relas) * sizeof(*scratch); 170 169 if (scratch_size_needed > scratch_size) { 171 170 scratch_size = scratch_size_needed; 172 - scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); 173 - if (!scratch) 171 + new_scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); 172 + if (!new_scratch) { 173 + kvfree(scratch); 174 174 return -ENOMEM; 175 + } 176 + scratch = new_scratch; 175 177 } 176 178 177 179 for (size_t j = 0; j < num_relas; j++)
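Review bot: In the second hunk, `scratch_size = scratch_size_needed;` still runs before the result of `kvrealloc()` is checked, so on the failure path the recorded size is updated even though the buffer was never grown. It is harmless here because the branch frees `scratch` and returns -ENOMEM immediately, but moving the assignment next to `scratch = new_scratch;` would keep the pointer and its size updated together and make the code safer against a later change that turns the early return into a cleanup path. `new_scratch` is only used inside this `if` block, so it could also be declared there instead of at function scope in the first hunk.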