Re: [PATCH] kexec: prevent double free on image allocation failure

From: Zhang Yanfei
Date: Thu Feb 21 2013 - 22:01:14 EST

Next message: Kim Phillips: "Re: [RFC] arm: use built-in byte swap function"
Previous message: Ric Mason: "Re: [PATCHv5 2/8] zsmalloc: add documentation"
In reply to: Sasha Levin: "Re: [PATCH] kexec: prevent double free on image allocation failure"
Next in thread: Sasha Levin: "Re: [PATCH] kexec: prevent double free on image allocation failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

于 2013年02月22日 09:55, Eric W. Biederman 写道:
> Sasha Levin <sasha.levin@xxxxxxxxxx> writes:
>
>> If kimage_normal_alloc() fails to initialize an allocated kimage, it will free
>> the image but would still set 'rimage', as a result kexec_load will try
>> to free it again.
>>
>> This would explode as part of the freeing process is accessing internal
>> members which point to uninitialized memory.
>
> Agreed.
>
> I don't think that failure path has ever actually been exercised.
>
> The code is wrong, and it is worth fixing.
>
> Andrew I do you think you could queue this up? I don't have a handy tree.

I still found another malloc/free problem in this function. So I update the patch.

---------------------

Next message: Kim Phillips: "Re: [RFC] arm: use built-in byte swap function"
Previous message: Ric Mason: "Re: [PATCHv5 2/8] zsmalloc: add documentation"
In reply to: Sasha Levin: "Re: [PATCH] kexec: prevent double free on image allocation failure"
Next in thread: Sasha Levin: "Re: [PATCH] kexec: prevent double free on image allocation failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]