Commit 63662139e519ce06090b2759cf4a1d291b9cc0e2

Authored by David Woodhouse
1 parent fe9ab00f83

params: Fix potential memory leak in add_sysfs_param()

On allocation failure, it would fail to free the old attrs array which
was no longer referenced by anything (since it would free the old
module_param_attrs struct on the way out).

Comment the suspicious-looking krealloc() usage to explain why it *isn't*
actually buggy, despite looking like a classic realloc() usage bug.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Showing 1 changed file with 4 additions and 1 deletions

... ... @@ -613,10 +613,13 @@
613 613 sizeof(*mk->mp) + sizeof(mk->mp->attrs[0]) * (num+1),
614 614 GFP_KERNEL);
615 615 if (!new) {
616   - kfree(mk->mp);
  616 + kfree(attrs);
617 617 err = -ENOMEM;
618 618 goto fail;
619 619 }
  620 + /* Despite looking like the typical realloc() bug, this is safe.
  621 + * We *want* the old 'attrs' to be freed either way, and we'll store
  622 + * the new one in the success case. */
620 623 attrs = krealloc(attrs, sizeof(new->grp.attrs[0])*(num+2), GFP_KERNEL);
621 624 if (!attrs) {
622 625 err = -ENOMEM;
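
Review bot: the new comment above `attrs = krealloc(attrs, ...)` states that the old 'attrs' is freed either way, but krealloc() leaves the original buffer allocated when it fails and returns NULL, so the assignment overwrites the only pointer to the old array visible here, and the `if (!attrs)` branch as shown only sets `err = -ENOMEM`. Suggest holding the result in a temporary and calling kfree() on the old array in the failure branch, or rewording the comment to name the place where the old array is actually released. Separately, in the `if (!new)` branch `kfree(mk->mp)` is replaced by `kfree(attrs)`; a failed krealloc() leaves mk->mp allocated as well, and the `fail:` label is outside this hunk, so a short comment in that branch saying where mk->mp is freed on the way out would make the change checkable from the code alone. The added block comment would also read better in the usual kernel multi-line style, with the opening `/*` and closing `*/` on their own lines.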