When module load fails after memory for the codetag section is ready,
the codetag section memory will not be properly released. This
causes a memory leak, and if the next module load happens to get the
same module address, codetag may pick the uninitialized section
when manipulating tags during module unload, which leads to an
"unable to handle page fault" BUG.
Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/
Signed-off-by: David Wang <00107082@163.com>
Acked-by: Suren Baghdasaryan <surenb@google.com>
---
kernel/module/main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/module/main.c b/kernel/module/main.c
index a2859dc3eea6..5c6ab20240a6 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2829,6 +2829,7 @@ static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
module_arch_freeing_init(mod);
+ codetag_free_module_sections(mod);
free_mod_mem(mod);
}
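Review bot: the added `+ codetag_free_module_sections(mod);` line sits before `free_mod_mem(mod)`, which is the right order, since the tag section has to be released before the module memory that backs it goes away; but `module_deallocate()` is the common cleanup for every failure point in the load path, including ones reached before the codetag section is ready, so please confirm that `codetag_free_module_sections()` is safe to call on a module whose section was never set up (an early return on an empty section, or equivalent), and add a `Fixes:` tag to the commit message so the change is picked up by stable.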
--
2.39.2
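The failure mode the commit message describes, modeled in user space as an added example that is not kernel code and not part of the patch: a registry of tag sections keyed by module base address, an allocator that hands the same address back after a failed load, and a cleanup path that either does or does not release the section. The `tag_section_*`, `mod_mem_*`, `module_load`, `module_unload` and `scenario` names, the slot counts and the tag counts are all constructed for this illustration and do not correspond to the kernel's real `codetag` API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: per-module tag sections, looked up by module base
 * address, as the kernel's codetag module sections conceptually are. */
#define SLOTS 4

struct tag_section {
	void *mod_base;   /* address of the module this section belongs to */
	bool  live;       /* slot in use */
	int   nr_tags;    /* payload; stands in for the real tag data */
};

static struct tag_section sections[SLOTS];

/* Deterministic allocator: always hands out the lowest free slot, so a
 * module loaded right after a failed one lands on the same address. */
static char pool[SLOTS][64];
static bool pool_used[SLOTS];

static void *mod_mem_alloc(void)
{
	for (int i = 0; i < SLOTS; i++)
		if (!pool_used[i]) { pool_used[i] = true; return pool[i]; }
	return NULL;
}

static void mod_mem_free(void *p)
{
	for (int i = 0; i < SLOTS; i++)
		if (pool[i] == p) pool_used[i] = false;
}

/* First live section whose base matches: a stale entry shadows a fresh one. */
static struct tag_section *tag_section_lookup(void *base)
{
	for (int i = 0; i < SLOTS; i++)
		if (sections[i].live && sections[i].mod_base == base)
			return &sections[i];
	return NULL;
}

static void tag_section_alloc(void *base, int nr_tags)
{
	for (int i = 0; i < SLOTS; i++)
		if (!sections[i].live) {
			sections[i] = (struct tag_section){ base, true, nr_tags };
			return;
		}
}

/* Hypothetical counterpart of codetag_free_module_sections(): releases
 * the section registered for this module, and is a no-op if there is none. */
static void tag_section_free(void *base)
{
	struct tag_section *s = tag_section_lookup(base);
	if (s) memset(s, 0, sizeof(*s));
}

struct module { void *base; };

/* Load: allocate memory, set up the tag section, then optionally fail.
 * 'fixed' selects whether the error path also frees the tag section. */
static int module_load(struct module *m, int nr_tags, bool fail, bool fixed)
{
	m->base = mod_mem_alloc();
	if (!m->base) return -1;
	tag_section_alloc(m->base, nr_tags);
	if (fail) {
		if (fixed) tag_section_free(m->base);   /* the one-line fix */
		mod_mem_free(m->base);                  /* memory goes back to the pool */
		m->base = NULL;
		return -1;
	}
	return 0;
}

/* Unload: consult the section registered for this module's address.
 * Returns the nr_tags it finds; the bug makes this the stale module's. */
static int module_unload(struct module *m)
{
	struct tag_section *s = tag_section_lookup(m->base);
	int seen = s ? s->nr_tags : -1;
	tag_section_free(m->base);
	mod_mem_free(m->base);
	return seen;
}

/* One failed load followed by a successful load at the same address.
 * Returns what the second module's unload sees: 3 (its own section) when
 * the error path is fixed, 7 (the leaked section) when it is not. */
int scenario(bool fixed)
{
	struct module a, b;
	memset(sections, 0, sizeof(sections));
	memset(pool_used, 0, sizeof(pool_used));
	module_load(&a, 7, true, fixed);    /* fails after its section is ready */
	module_load(&b, 3, false, fixed);   /* reuses the same base address */
	return module_unload(&b);
}
```

With the section left behind, the lookup by address finds the dead module's entry first, which is the same class of hazard as the "unable to handle page fault" the commit message reports: metadata keyed by a recycled address outlives the object it described.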
On Mon, May 19, 2025 at 9:38 AM David Wang <00107082@163.com> wrote:
>
> When module load fails after memory for the codetag section is ready,
> the codetag section memory will not be properly released. This
> causes a memory leak, and if the next module load happens to get the
> same module address, codetag may pick the uninitialized section
> when manipulating tags during module unload, which leads to an
> "unable to handle page fault" BUG.
>
> Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/
> Signed-off-by: David Wang <00107082@163.com>
> Acked-by: Suren Baghdasaryan <surenb@google.com>
Sending to Andrew for adding into the mm tree.
> ---
> kernel/module/main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index a2859dc3eea6..5c6ab20240a6 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2829,6 +2829,7 @@ static void module_deallocate(struct module *mod, struct load_info *info)
> {
> percpu_modfree(mod);
> module_arch_freeing_init(mod);
> + codetag_free_module_sections(mod);
>
> free_mod_mem(mod);
> }
> --
> 2.39.2
>
On Mon, May 19, 2025 at 9:46 AM Suren Baghdasaryan <surenb@google.com> wrote:
>
> On Mon, May 19, 2025 at 9:38 AM David Wang <00107082@163.com> wrote:
> >
> > When module load fails after memory for the codetag section is ready,
> > the codetag section memory will not be properly released. This
> > causes a memory leak, and if the next module load happens to get the
> > same module address, codetag may pick the uninitialized section
> > when manipulating tags during module unload, which leads to an
> > "unable to handle page fault" BUG.
> >
Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory")
> > Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/
> > Signed-off-by: David Wang <00107082@163.com>
> > Acked-by: Suren Baghdasaryan <surenb@google.com>
>
> Sending to Andrew for adding into the mm tree.
>
> > ---
> > kernel/module/main.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index a2859dc3eea6..5c6ab20240a6 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -2829,6 +2829,7 @@ static void module_deallocate(struct module *mod, struct load_info *info)
> > {
> > percpu_modfree(mod);
> > module_arch_freeing_init(mod);
> > + codetag_free_module_sections(mod);
> >
> > free_mod_mem(mod);
> > }
> > --
> > 2.39.2
> >