diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2009-10-29 15:56:16 +0100 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2009-10-28 23:26:17 +0100 |
commit | 65afac7d80ab3bc9f81e75eafb71eeb92a3ebdef (patch) | |
tree | 544c1e9192d8e47f1d1b1d54e36365f393ec7be0 /include | |
parent | Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus (diff) | |
download | linux-65afac7d80ab3bc9f81e75eafb71eeb92a3ebdef.tar.xz linux-65afac7d80ab3bc9f81e75eafb71eeb92a3ebdef.zip |
param: fix lots of bugs with writing charp params from sysfs, by leaking mem.
e180a6b7759a "param: fix charp parameters set via sysfs" fixed the case
where charp parameters written via sysfs were freed, leaving drivers
accessing random memory.
Unfortunately, storing a flag in the kparam struct was a bad idea: it's
rodata so setting it causes an oops on some archs. But that's not all:
1) module_param_array() on charp doesn't work reliably, since we use an
uninitialized temporary struct kernel_param.
2) there's a fundamental race if a module uses this parameter and then
it's changed: they will still access the old, freed, memory.
The simplest fix (ie. for 2.6.32) is to never free the memory. This
prevents all these problems, at cost of a memory leak. In practice, there
are only 18 places where a charp is writable via sysfs, and all are
root-only writable.
Reported-by: Takashi Iwai <tiwai@suse.de>
Cc: Sitsofe Wheeler <sitsofe@yahoo.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Christof Schmitt <christof.schmitt@de.ibm.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: stable@kernel.org
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/moduleparam.h | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h index 6547c3cdbc4c..82a9124f7d75 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -37,7 +37,6 @@ typedef int (*param_set_fn)(const char *val, struct kernel_param *kp); typedef int (*param_get_fn)(char *buffer, struct kernel_param *kp); /* Flag bits for kernel_param.flags */ -#define KPARAM_KMALLOCED 1 #define KPARAM_ISBOOL 2 struct kernel_param { |