[PATCH v2 1/4] riscv: Fix module loading free order

From: Charlie Jenkins
Date: Wed Jan 03 2024 - 15:22:21 EST

Next message: Charlie Jenkins: "[PATCH v2 2/4] riscv: Correctly free relocation hashtable on error"
Previous message: Charlie Jenkins: "[PATCH v2 0/4] riscv: modules: Fix module loading error handling"
In reply to: Charlie Jenkins: "[PATCH v2 0/4] riscv: modules: Fix module loading error handling"
Next in thread: Charlie Jenkins: "[PATCH v2 2/4] riscv: Correctly free relocation hashtable on error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Reverse order of kfree calls to resolve use-after-free error.

Signed-off-by: Charlie Jenkins <charlie@xxxxxxxxxxxx>
Fixes: d8792a5734b0 ("riscv: Safely remove entries from relocation list")
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Closes: https://lore.kernel.org/r/202312132019.iYGTwW0L-lkp@xxxxxxxxx/
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Julia Lawall <julia.lawall@xxxxxxxx>
Closes: https://lore.kernel.org/r/202312120044.wTI1Uyaa-lkp@xxxxxxxxx/
---
arch/riscv/kernel/module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
index aac019ed63b1..21c7a773a8ef 100644
--- a/arch/riscv/kernel/module.c
+++ b/arch/riscv/kernel/module.c
@@ -723,8 +723,8 @@ static int add_relocation_to_accumulate(struct module *me, int type,

if (!bucket) {
kfree(entry);
- kfree(rel_head);
kfree(rel_head->rel_entry);
+ kfree(rel_head);
return -ENOMEM;
}

--
2.43.0

Next message: Charlie Jenkins: "[PATCH v2 2/4] riscv: Correctly free relocation hashtable on error"
Previous message: Charlie Jenkins: "[PATCH v2 0/4] riscv: modules: Fix module loading error handling"
In reply to: Charlie Jenkins: "[PATCH v2 0/4] riscv: modules: Fix module loading error handling"
Next in thread: Charlie Jenkins: "[PATCH v2 2/4] riscv: Correctly free relocation hashtable on error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]