[PATCH 2/2] param: initialize flags when processing array.

From: Rusty Russell
Date: Wed Oct 21 2009 - 11:45:51 EST


We create a dummy struct kernel_param on the stack for parsing each
array element, but we didn't initialize the flags word.

This means that it might appear to be kmalloced, and hence be freed,
and also an array of bool which were actually bool (rather than the
historically-allowed int) would not be parsed correctly.

Note that if it *is* kmalloced, the KPARAM_KMALLOCED flag is set in
the dummy flags and thrown away, so we leak memory. Only one place
has a writable charp array though, and this is no worse than current
behavior.

Reported-by: Takashi Iwai <tiwai@xxxxxxx>
Signed-off-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>

diff --git a/kernel/params.c b/kernel/params.c
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -304,6 +304,7 @@ static int param_array(const char *name,
unsigned int min, unsigned int max,
void *elem, int elemsize,
int (*set)(const char *, struct kernel_param *kp),
+ u16 flags,
unsigned int *num)
{
int ret;
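Review bot: The new `u16 flags` parameter in the param_array() signature is undocumented, and nothing in the hunk says whose flags it carries. A one-line comment stating that it is the flags word of the owning kernel_param, copied into the per-element dummy, would make the contract clear. Since the argument is inserted between `set` and `num` rather than appended, every caller has to be updated; only param_array_set() is changed in this patch, so it is worth confirming there are no others.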
@@ -313,6 +314,8 @@ static int param_array(const char *name,
/* Get the name right for errors. */
kp.name = name;
kp.arg = elem;
+ /* FIXME: this causes a leak for writing arrays of charp! */
+ kp.flags = flags;

/* No equals sign? */
if (!val) {
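Review bot: At `kp.flags = flags;` the flags are copied in one direction only, so any bit a set() callback sets on the dummy is lost on return, which is the leak the FIXME admits. The FIXME should say when the leak occurs (per the commit message, when KPARAM_KMALLOCED is set on the dummy for a writable charp array) and what the intended fix is, for example passing a pointer to the real flags word or writing the dummy's flags back after the loop. Separately, the dummy's fields are still assigned one at a time (`kp.name`, `kp.arg`, `kp.flags`); initializing the whole on-stack struct at its declaration would close off the same uninitialized-read bug for any field added later.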
@@ -358,7 +361,8 @@ int param_array_set(const char *val, str
unsigned int temp_num;

return param_array(kp->name, val, 1, arr->max, arr->elem,
- arr->elemsize, arr->set, arr->num ?: &temp_num);
+ arr->elemsize, arr->set, kp->flags,
+ arr->num ?: &temp_num);
}

int param_array_get(char *buffer, struct kernel_param *kp)
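Review bot: param_array_get(), visible here only as trailing context, is not touched by this patch. If it also builds a dummy kernel_param to call the per-element getter, its flags word needs the same treatment as the one passed through `kp->flags` here; a sentence in the commit message saying whether the get path is affected would settle the question.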