• Rusty Russell's avatar
    param: fix lots of bugs with writing charp params from sysfs, by leaking mem. · 65afac7d
    Rusty Russell authored
    e180a6b7 "param: fix charp parameters set via sysfs" fixed the case
    where charp parameters written via sysfs were freed, leaving drivers
    accessing random memory.
    
    Unfortunately, storing a flag in the kparam struct was a bad idea: it's
    rodata so setting it causes an oops on some archs.  But that's not all:
    
    1) module_param_array() on charp doesn't work reliably, since we use an
       uninitialized temporary struct kernel_param.
    2) there's a fundamental race if a module uses this parameter and then
       it's changed: they will still access the old, freed, memory.
    
    The simplest fix (ie. for 2.6.32) is to never free the memory.  This
    prevents all these problems, at cost of a memory leak.  In practice, there
    are only 18 places where a charp is writable via sysfs, and all are
    root-only writable.
    Reported-by: default avatarTakashi Iwai <tiwai@suse.de>
    Cc: Sitsofe Wheeler <sitsofe@yahoo.com>
    Cc: Frederic Weisbecker <fweisbec@gmail.com>
    Cc: Christof Schmitt <christof.schmitt@de.ibm.com>
    Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
    Cc: stable@kernel.org
    65afac7d
params.c 18.3 KB