[PATCH 01/13] kexec: fix possible memory leak in check_reuse_initrd

[PATCH 01/13] kexec: fix possible memory leak in check_reuse_initrd

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

If the if test is ok, then it will call die() to exit the process,
so freeing line will not be reached, causing memory leak. Fix this.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/kexec.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kexec/kexec.c b/kexec/kexec.c
index f3928af..6575ada 100644
--- a/kexec/kexec.c
+++ b/kexec/kexec.c
@@ -1020,13 +1020,15 @@ char *get_command_line(void)
 /* check we retained the initrd */
 static void check_reuse_initrd(void)
 {
+	char *str = NULL;
 	char *line = get_command_line();
 
-	if (strstr(line, "retain_initrd") == NULL)
+	str = strstr(line, "retain_initrd");
+	free(line);
+
+	if (str == NULL)
 		die("unrecoverable error: current boot didn't "
 		    "retain the initrd for reuse.\n");
-
-	free(line);
 }
 
 char *concat_cmdline(const char *base, const char *append)
-- 
1.7.1

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 02/13] kexec: i386: bzImage: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/i386/kexec-bzImage.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/kexec/arch/i386/kexec-bzImage.c b/kexec/arch/i386/kexec-bzImage.c
index 99fd790..39452a4 100644
--- a/kexec/arch/i386/kexec-bzImage.c
+++ b/kexec/arch/i386/kexec-bzImage.c
@@ -382,6 +382,7 @@ int bzImage_load(int argc, char **argv, const char *buf, off_t len,
 	struct kexec_info *info)
 {
 	char *command_line = NULL;
+	char *tmp_cmdline = NULL;
 	const char *ramdisk, *append = NULL;
 	char *ramdisk_buf;
 	off_t ramdisk_length;
@@ -421,7 +422,7 @@ int bzImage_load(int argc, char **argv, const char *buf, off_t len,
 			append = optarg;
 			break;
 		case OPT_REUSE_CMDLINE:
-			command_line = get_command_line();
+			tmp_cmdline = get_command_line();
 			break;
 		case OPT_RAMDISK:
 			ramdisk = optarg;
@@ -431,7 +432,10 @@ int bzImage_load(int argc, char **argv, const char *buf, off_t len,
 			break;
 		}
 	}
-	command_line = concat_cmdline(command_line, append);
+	command_line = concat_cmdline(tmp_cmdline, append);
+	if (tmp_cmdline) {
+		free(tmp_cmdline);
+	}
 	command_line_len = 0;
 	if (command_line) {
 		command_line_len = strlen(command_line) +1;
-- 
1.7.1

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 03/13] kexec: i386: elf: fix possible memory leak in elf_x86_load

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

In elf_x86_load, allocated memory may not be free'd if the code
exits abnormally, by calling die() or return. So the patch fixes
the possible memory leak.

This patch is also a preparation for patch04.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/i386/kexec-elf-x86.c |   20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/kexec/arch/i386/kexec-elf-x86.c b/kexec/arch/i386/kexec-elf-x86.c
index e62ebcb..de855c4 100644
--- a/kexec/arch/i386/kexec-elf-x86.c
+++ b/kexec/arch/i386/kexec-elf-x86.c
@@ -90,6 +90,8 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 	struct mem_ehdr ehdr;
 	char *command_line = NULL, *modified_cmdline = NULL;
 	const char *append = NULL;
+	char *error_msg = NULL;
+	int result;
 	int command_line_len;
 	int modified_cmdline_len;
 	const char *ramdisk;
@@ -120,9 +122,9 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 	 * Parse the command line arguments
 	 */
 	arg_style = ARG_STYLE_ELF;
-	modified_cmdline = 0;
 	modified_cmdline_len = 0;
 	ramdisk = 0;
+	result = 0;
 	while((opt = getopt_long(argc, argv, short_options, options, 0)) != -1) {
 		switch(opt) {
 		default:
@@ -215,7 +217,8 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 		elf_rel_set_symbol(&info->rhdr, "entry32_regs", &regs, sizeof(regs));
 
 		if (ramdisk) {
-			die("Ramdisks not supported with generic elf arguments");
+			error_msg = "Ramdisks not supported with generic elf arguments";
+			goto out;
 		}
 	}
 	else if (arg_style == ARG_STYLE_LINUX) {
@@ -256,8 +259,10 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 		if (info->kexec_flags & (KEXEC_ON_CRASH|KEXEC_PRESERVE_CONTEXT)) {
 			rc = load_crashdump_segments(info, modified_cmdline,
 						max_addr, 0);
-			if (rc < 0)
-				return -1;
+			if (rc < 0) {
+				result = -1;
+				goto out;
+			}
 			/* Use new command line. */
 			free(command_line);
 			command_line = modified_cmdline;
@@ -283,10 +288,13 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 		elf_rel_set_symbol(&info->rhdr, "entry32_regs", &regs, sizeof(regs));
 	}
 	else {
-		die("Unknown argument style\n");
+		error_msg = "Unknown argument style\n";
 	}
 
+out:
 	free(command_line);
 	free(modified_cmdline);
-	return 0;
+	if (error_msg)
+		die(error_msg);
+	return result;
 }
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 04/13] kexec: i386: elf: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/i386/kexec-elf-x86.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/kexec/arch/i386/kexec-elf-x86.c b/kexec/arch/i386/kexec-elf-x86.c
index de855c4..94571ca 100644
--- a/kexec/arch/i386/kexec-elf-x86.c
+++ b/kexec/arch/i386/kexec-elf-x86.c
@@ -90,6 +90,7 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 	struct mem_ehdr ehdr;
 	char *command_line = NULL, *modified_cmdline = NULL;
 	const char *append = NULL;
+	char *tmp_cmdline = NULL;
 	char *error_msg = NULL;
 	int result;
 	int command_line_len;
@@ -139,7 +140,7 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 			append = optarg;
 			break;
 		case OPT_REUSE_CMDLINE:
-			command_line = get_command_line();
+			tmp_cmdline = get_command_line();
 			break;
 		case OPT_RAMDISK:
 			ramdisk = optarg;
@@ -159,7 +160,10 @@ int elf_x86_load(int argc, char **argv, const char *buf, off_t len,
 			break;
 		}
 	}
-	command_line = concat_cmdline(command_line, append);
+	command_line = concat_cmdline(tmp_cmdline, append);
+	if (tmp_cmdline) {
+		free(tmp_cmdline);
+	}
 	command_line_len = 0;
 	if (command_line) {
 		command_line_len = strlen(command_line) +1;
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 05/13] kexec: i386: multiboot: fix possible memory leak in multiboot_x86_load

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

In multiboot_x86_load, allocated memory may not be free'd if the code
exits abnormally, by calling return. So the patch fixes the possible
memory leak.

Besides, remove some extra blank lines.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/i386/kexec-multiboot-x86.c |   16 ++++++----------
 1 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/kexec/arch/i386/kexec-multiboot-x86.c b/kexec/arch/i386/kexec-multiboot-x86.c
index 3f787e1..4252f75 100644
--- a/kexec/arch/i386/kexec-multiboot-x86.c
+++ b/kexec/arch/i386/kexec-multiboot-x86.c
@@ -153,7 +153,7 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	int ranges;
 	struct AddrRangeDesc *mmap;
 	int command_line_len;
-	int i;
+	int i, result;
 	uint32_t u;
 	int opt;
 	int modules, mod_command_line_space;
@@ -174,13 +174,12 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 		fprintf(stderr, "Cannot find a loadable multiboot header.\n");
 		return -1;
 	}
-
 	
 	/* Parse the command line */
-	command_line = "";
 	command_line_len = 0;
 	modules = 0;
 	mod_command_line_space = 0;
+	result = 0;
 	while((opt = getopt_long(argc, argv, short_options, options, 0)) != -1)
 	{
 		switch(opt) {
@@ -207,8 +206,6 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	imagename = argv[optind];
 	command_line = concat_cmdline(command_line, append);
 	command_line_len = strlen(command_line) + strlen(imagename) + 2;
-
-
 	
 	/* Load the ELF executable */
 	elf_exec_build_load(info, &ehdr, buf, len, 0);
@@ -274,7 +271,6 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 		mmap[i].Type = 0xbad;  /* Not RAM */
 	}
 
-
 	if (mbh->flags & MULTIBOOT_MEMORY_INFO) { 
 		/* Provide a copy of the memory map to the kernel */
 
@@ -295,7 +291,6 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 		/* done */
 	}
 
-
 	/* Load modules */
 	if (modules) {
 		char *mod_filename, *mod_command_line, *mod_clp, *buf;
@@ -358,10 +353,10 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 		
 	}
 
-
 	/* Find a place for the MBI to live */
 	if (sort_segments(info) < 0) {
-                return -1;
+                result = -1;
+		goto out;
         }
 	mbi_base = add_buffer(info,
 		mbi_buf, mbi_bytes, mbi_bytes, 4, 0, 0xFFFFFFFFUL, 1);
@@ -383,8 +378,9 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	regs.eip = ehdr.e_entry;
 	elf_rel_set_symbol(&info->rhdr, "entry32_regs", &regs, sizeof(regs));
 
+out:
 	free(command_line);
-	return 0;
+	return result;
 }
 
 /*
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 06/13] kexec: i386: multiboot: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/i386/kexec-multiboot-x86.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/kexec/arch/i386/kexec-multiboot-x86.c b/kexec/arch/i386/kexec-multiboot-x86.c
index 4252f75..4520fd7 100644
--- a/kexec/arch/i386/kexec-multiboot-x86.c
+++ b/kexec/arch/i386/kexec-multiboot-x86.c
@@ -147,7 +147,7 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 	unsigned long mbi_base;
 	struct entry32_regs regs;
 	size_t mbi_bytes, mbi_offset;
-	char *command_line = NULL;
+	char *command_line = NULL, *tmp_cmdline = NULL;
 	char *imagename, *cp, *append = NULL;;
 	struct memory_range *range;
 	int ranges;
@@ -195,7 +195,7 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 			append = optarg;
 			break;
 		case OPT_REUSE_CMDLINE:
-			command_line = get_command_line();
+			tmp_cmdline = get_command_line();
 			break;
 		case OPT_MOD:
 			modules++;
@@ -204,7 +204,10 @@ int multiboot_x86_load(int argc, char **argv, const char *buf, off_t len,
 		}
 	}
 	imagename = argv[optind];
-	command_line = concat_cmdline(command_line, append);
+	command_line = concat_cmdline(tmp_cmdline, append);
+	if (tmp_cmdline) {
+		free(tmp_cmdline);
+	}
 	command_line_len = strlen(command_line) + strlen(imagename) + 2;
 	
 	/* Load the ELF executable */
-- 
1.7.1

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 07/13] kexec: ppc: elf: fix possible memory leak in elf_ppc_load

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

In elf_ppc_load, allocated memory may not be free'd if the code
exits abnormally, by calling die() or return. So the patch fixes
the possible memory leak.

This patch is also a preparation for patch08.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/ppc/kexec-elf-ppc.c |   56 ++++++++++++++++++++++++---------------
 1 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/kexec/arch/ppc/kexec-elf-ppc.c b/kexec/arch/ppc/kexec-elf-ppc.c
index 65a65cc..1eb3a62 100644
--- a/kexec/arch/ppc/kexec-elf-ppc.c
+++ b/kexec/arch/ppc/kexec-elf-ppc.c
@@ -159,6 +159,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	int command_line_len;
 	char *dtb;
 	int result;
+	char *error_msg;
 	unsigned long max_addr, hole_addr;
 	struct mem_phdr *phdr;
 	size_t size;
@@ -196,6 +197,8 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	hole_addr = 0;
 	kernel_addr = 0;
 	ramdisk = 0;
+	result = 0;
+	error_msg = NULL;
 
 	while ((opt = getopt_long(argc, argv, short_options, options, 0)) != -1) {
 		switch (opt) {
@@ -232,6 +235,9 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 		}
 	}
 
+	if (ramdisk && reuse_initrd)
+		die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
+
 	command_line_len = 0;
 	if (command_line) {
 		command_line_len = strlen(command_line) + 1;
@@ -240,9 +246,6 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 		command_line_len = strlen(command_line) + 1;
 	}
 
-	if (ramdisk && reuse_initrd)
-		die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
-
 	fixup_nodes[cur_fixup] = NULL;
 
 	/* Need to append some command line parameters internally in case of
@@ -257,8 +260,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	/* Parse the Elf file */
 	result = build_elf_exec_info(buf, len, &ehdr, 0);
 	if (result < 0) {
-		free_elf_info(&ehdr);
-		return result;
+		goto out;
 	}
 
 #ifdef WITH_GAMECUBE
@@ -287,8 +289,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	/* Load the Elf data */
 	result = elf_exec_load(&ehdr, info);
 	if (result < 0) {
-		free_elf_info(&ehdr);
-		return result;
+		goto out;
 	}
 
 	/* If panic kernel is being loaded, additional segments need
@@ -298,20 +299,11 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 		result = load_crashdump_segments(info, crash_cmdline,
 						max_addr, 0);
 		if (result < 0) {
-			free(crash_cmdline);
-			return -1;
+			result = -1;
+			goto out;
 		}
 	}
 
-	cmdline_buf = xmalloc(COMMAND_LINE_SIZE);
-	memset((void *)cmdline_buf, 0, COMMAND_LINE_SIZE);
-	if (command_line)
-		strncat(cmdline_buf, command_line, command_line_len);
-	if (crash_cmdline)
-		strncat(cmdline_buf, crash_cmdline,
-				sizeof(crash_cmdline) -
-				strlen(crash_cmdline) - 1);
-
 	/*
 	 * In case of a toy we take the hardcoded things and an easy setup via
 	 * one of the assembly startups. Every thing else should be grown up
@@ -345,6 +337,15 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 
 	info->entry = (void *)arg_base;
 #else
+	cmdline_buf = xmalloc(COMMAND_LINE_SIZE);
+	memset((void *)cmdline_buf, 0, COMMAND_LINE_SIZE);
+	if (command_line)
+		strncat(cmdline_buf, command_line, command_line_len);
+	if (crash_cmdline)
+		strncat(cmdline_buf, crash_cmdline,
+				sizeof(crash_cmdline) -
+				strlen(crash_cmdline) - 1);
+
 	elf_rel_build_load(info, &info->rhdr, (const char *)purgatory,
 			purgatory_size, 0, elf_max_addr(&ehdr), 1, 0);
 
@@ -358,8 +359,10 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 		create_flatten_tree(info, (unsigned char **)&blob_buf,
 				(unsigned long *)&blob_size, cmdline_buf);
 	}
-	if (!blob_buf || !blob_size)
-		die("Device tree seems to be an empty file.\n");
+	if (!blob_buf || !blob_size) {
+		error_msg = "Device tree seems to be an empty file.\n";
+		goto out2;
+	}
 
 	/* initial fixup for device tree */
 	blob_buf = fixup_dtb_init(info, blob_buf, &blob_size, kernel_addr, &dtb_addr);
@@ -394,7 +397,8 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	dtb_addr_actual = add_buffer(info, blob_buf, blob_size, blob_size, 0, dtb_addr,
 			kernel_addr + KERNEL_ACCESS_TOP, 1);
 	if (dtb_addr_actual != dtb_addr) {
-		die("Error device tree not loadded to address it was expecting to be loaded too!\n");
+		error_msg = "Error device tree not loadded to address it was expecting to be loaded too!\n";
+		goto out2;
 	}
 
 	/* 
@@ -439,7 +443,15 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 
 	addr = elf_rel_get_addr(&info->rhdr, "purgatory_start");
 	info->entry = (void *)addr;
+
+out2:
+	free(cmdline_buf);
 #endif
+out:
+	free_elf_info(&ehdr);
+	free(crash_cmdline);
+	if (error_msg)
+		die(error_msg);
 
-	return 0;
+	return result;
 }
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 08/13] kexec: ppc: elf: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/ppc/kexec-elf-ppc.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/kexec/arch/ppc/kexec-elf-ppc.c b/kexec/arch/ppc/kexec-elf-ppc.c
index 1eb3a62..694befb 100644
--- a/kexec/arch/ppc/kexec-elf-ppc.c
+++ b/kexec/arch/ppc/kexec-elf-ppc.c
@@ -156,6 +156,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 {
 	struct mem_ehdr ehdr;
 	char *command_line, *crash_cmdline, *cmdline_buf;
+	char *tmp_cmdline;
 	int command_line_len;
 	char *dtb;
 	int result;
@@ -191,7 +192,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 	char *blob_buf = NULL;
 	off_t blob_size = 0;
 
-	command_line = NULL;
+	command_line = tmp_cmdline = NULL;
 	dtb = NULL;
 	max_addr = LONG_MAX;
 	hole_addr = 0;
@@ -211,7 +212,7 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 			usage();
 			return -1;
 		case OPT_APPEND:
-			command_line = optarg;
+			tmp_cmdline = optarg;
 			break;
 		case OPT_RAMDISK:
 			ramdisk = optarg;
@@ -239,12 +240,12 @@ int elf_ppc_load(int argc, char **argv,	const char *buf, off_t len,
 		die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
 
 	command_line_len = 0;
-	if (command_line) {
-		command_line_len = strlen(command_line) + 1;
+	if (tmp_cmdline) {
+		command_line = tmp_cmdline;
 	} else {
 		command_line = get_command_line();
-		command_line_len = strlen(command_line) + 1;
 	}
+	command_line_len = strlen(command_line) + 1;
 
 	fixup_nodes[cur_fixup] = NULL;
 
@@ -450,6 +451,8 @@ out2:
 out:
 	free_elf_info(&ehdr);
 	free(crash_cmdline);
+	if (!tmp_cmdline)
+		free(command_line);
 	if (error_msg)
 		die(error_msg);
 
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 09/13] kexec: ppc: uImage: fix possible memory leak in ppc_load_bare_bits

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

In ppc_load_bare_bits, allocated memory may not be free'd if the code
exits abnormally, by calling die() or return. So the patch fixes
the possible memory leak.

This patch is also a preparation for patch10.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/ppc/kexec-uImage-ppc.c |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/kexec/arch/ppc/kexec-uImage-ppc.c b/kexec/arch/ppc/kexec-uImage-ppc.c
index 900cd16..fd8959c 100644
--- a/kexec/arch/ppc/kexec-uImage-ppc.c
+++ b/kexec/arch/ppc/kexec-uImage-ppc.c
@@ -90,13 +90,14 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 	char *fixup_nodes[FIXUP_ENTRYS + 1];
 	int cur_fixup = 0;
 	int opt;
-	int ret;
+	int ret = 0;
 	char *seg_buf = NULL;
 	off_t seg_size = 0;
 	unsigned long long hole_addr;
 	unsigned long max_addr;
 	char *blob_buf = NULL;
 	off_t blob_size = 0;
+	char *error_msg = NULL;
 
 	cmdline_buf = NULL;
 	command_line = NULL;
@@ -186,7 +187,8 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 		ret = load_crashdump_segments(info, crash_cmdline,
 						max_addr, 0);
 		if (ret < 0) {
-			return -1;
+			ret = -1;
+			goto out;
 		}
 	}
 
@@ -212,8 +214,10 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 		create_flatten_tree(info, (unsigned char **)&blob_buf,
 				(unsigned long *)&blob_size, cmdline_buf);
 	}
-	if (!blob_buf || !blob_size)
-		die("Device tree seems to be an empty file.\n");
+	if (!blob_buf || !blob_size) {
+		error_msg = "Device tree seems to be an empty file.\n";
+		goto out2;
+	}
 
 	/* initial fixup for device tree */
 	blob_buf = fixup_dtb_init(info, blob_buf, &blob_size, load_addr, &dtb_addr);
@@ -249,7 +253,8 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 			load_addr + KERNEL_ACCESS_TOP, 1);
 	if (dtb_addr_actual != dtb_addr) {
 		printf("dtb_addr_actual: %lx, dtb_addr: %lx\n", dtb_addr_actual, dtb_addr);
-		die("Error device tree not loadded to address it was expecting to be loaded too!\n");
+		error_msg = "Error device tree not loadded to address it was expecting to be loaded too!\n";
+		goto out2;
 	}
 
 	/* set various variables for the purgatory */
@@ -286,7 +291,13 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 	addr = elf_rel_get_addr(&info->rhdr, "purgatory_start");
 	info->entry = (void *)addr;
 
-	return 0;
+out2:
+	free(cmdline_buf);
+out:
+	free(crash_cmdline);
+	if (error_msg)
+		die(error_msg);
+	return ret;
 }
 
 int uImage_ppc_load(int argc, char **argv, const char *buf, off_t len,
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 10/13] kexec: ppc: uImage: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/ppc/kexec-uImage-ppc.c |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/kexec/arch/ppc/kexec-uImage-ppc.c b/kexec/arch/ppc/kexec-uImage-ppc.c
index fd8959c..c4d39f2 100644
--- a/kexec/arch/ppc/kexec-uImage-ppc.c
+++ b/kexec/arch/ppc/kexec-uImage-ppc.c
@@ -81,6 +81,7 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 		unsigned int ep)
 {
 	char *command_line, *cmdline_buf, *crash_cmdline;
+	char *tmp_cmdline;
 	int command_line_len;
 	char *dtb;
 	unsigned int addr;
@@ -101,6 +102,7 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 
 	cmdline_buf = NULL;
 	command_line = NULL;
+	tmp_cmdline = NULL;
 	dtb = NULL;
 	max_addr = LONG_MAX;
 
@@ -115,7 +117,7 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 			usage();
 			return -1;
 		case OPT_APPEND:
-			command_line = optarg;
+			tmp_cmdline = optarg;
 			break;
 
 		case OPT_RAMDISK:
@@ -141,12 +143,12 @@ static int ppc_load_bare_bits(int argc, char **argv, const char *buf,
 		die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
 
 	command_line_len = 0;
-	if (command_line) {
-		command_line_len = strlen(command_line) + 1;
+	if (tmp_cmdline) {
+		command_line = tmp_cmdline;
 	} else {
 		command_line = get_command_line();
-		command_line_len = strlen(command_line) + 1;
 	}
+	command_line_len = strlen(command_line) + 1;
 
 	fixup_nodes[cur_fixup] = NULL;
 
@@ -295,6 +297,8 @@ out2:
 	free(cmdline_buf);
 out:
 	free(crash_cmdline);
+	if (!tmp_cmdline)
+		free(command_line);
 	if (error_msg)
 		die(error_msg);
 	return ret;
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 11/13] kexec: x86_64: bzImage64: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/x86_64/kexec-bzImage64.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kexec/arch/x86_64/kexec-bzImage64.c b/kexec/arch/x86_64/kexec-bzImage64.c
index 86e6d13..21bc4ae 100644
--- a/kexec/arch/x86_64/kexec-bzImage64.c
+++ b/kexec/arch/x86_64/kexec-bzImage64.c
@@ -232,7 +232,7 @@ static int do_bzImage64_load(struct kexec_info *info,
 int bzImage64_load(int argc, char **argv, const char *buf, off_t len,
 	struct kexec_info *info)
 {
-	char *command_line = NULL;
+	char *command_line = NULL, *tmp_cmdline = NULL;
 	const char *ramdisk = NULL, *append = NULL;
 	char *ramdisk_buf;
 	off_t ramdisk_length = 0;
@@ -269,7 +269,7 @@ int bzImage64_load(int argc, char **argv, const char *buf, off_t len,
 			append = optarg;
 			break;
 		case OPT_REUSE_CMDLINE:
-			command_line = get_command_line();
+			tmp_cmdline = get_command_line();
 			break;
 		case OPT_RAMDISK:
 			ramdisk = optarg;
@@ -282,7 +282,9 @@ int bzImage64_load(int argc, char **argv, const char *buf, off_t len,
 			break;
 		}
 	}
-	command_line = concat_cmdline(command_line, append);
+	command_line = concat_cmdline(tmp_cmdline, append);
+	if (tmp_cmdline)
+		free(tmp_cmdline);
 	command_line_len = 0;
 	if (command_line)
 		command_line_len = strlen(command_line) + 1;
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 12/13] kexec: x86_64: elf: fix memory leak caused by get_command_line

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Since get_command_line returns dynamically allocated memory, it is
easy for the caller to forget freeing the memory. Here fixes a
memory leak caused by this function.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/x86_64/kexec-elf-x86_64.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/kexec/arch/x86_64/kexec-elf-x86_64.c b/kexec/arch/x86_64/kexec-elf-x86_64.c
index a3fc728..4a41780 100644
--- a/kexec/arch/x86_64/kexec-elf-x86_64.c
+++ b/kexec/arch/x86_64/kexec-elf-x86_64.c
@@ -89,6 +89,7 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 	struct mem_ehdr ehdr;
 	const char *append = NULL;
 	char *command_line = NULL, *modified_cmdline;
+	char *tmp_cmdline = NULL;
 	int command_line_len;
 	const char *ramdisk;
 	unsigned long entry, max_addr;
@@ -135,7 +136,7 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 			append = optarg;
 			break;
 		case OPT_REUSE_CMDLINE:
-			command_line = get_command_line();
+			tmp_cmdline = get_command_line();
 			break;
 		case OPT_RAMDISK:
 			ramdisk = optarg;
@@ -155,7 +156,9 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 			break;
 		}
 	}
-	command_line = concat_cmdline(command_line, append);
+	command_line = concat_cmdline(tmp_cmdline, append);
+	if (tmp_cmdline)
+		free(tmp_cmdline);
 	command_line_len = 0;
 	if (command_line) {
 		command_line_len = strlen(command_line) +1;
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

[PATCH 13/13] kexec: x86_64: elf: fix possible memory leak in elf_x86_64_load

[Zhang Yanfei]

From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

In elf_x86_64_load, allocated memory may not be free'd if the code
exits abnormally, by calling die() or return. So the patch fixes
the possible memory leak.

Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
---
 kexec/arch/x86_64/kexec-elf-x86_64.c |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/kexec/arch/x86_64/kexec-elf-x86_64.c b/kexec/arch/x86_64/kexec-elf-x86_64.c
index 4a41780..7944be4 100644
--- a/kexec/arch/x86_64/kexec-elf-x86_64.c
+++ b/kexec/arch/x86_64/kexec-elf-x86_64.c
@@ -98,6 +98,8 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 #define ARG_STYLE_LINUX 1
 #define ARG_STYLE_NONE  2
 	int opt;
+	int result = 0;
+	char *error_msg = NULL;
 
 	/* See options.h and add any new options there too! */
 	static const struct option options[] = {
@@ -208,7 +210,8 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 		elf_rel_set_symbol(&info->rhdr, "entry64_regs", &regs, sizeof(regs));
 
 		if (ramdisk) {
-			die("Ramdisks not supported with generic elf arguments");
+			error_msg = "Ramdisks not supported with generic elf arguments";
+			goto out;
 		}
 	}
 	else if (arg_style == ARG_STYLE_LINUX) {
@@ -240,8 +243,10 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 		if (info->kexec_flags & KEXEC_ON_CRASH) {
 			rc = load_crashdump_segments(info, modified_cmdline,
 							max_addr, 0);
-			if (rc < 0)
-				return -1;
+			if (rc < 0) {
+				result = -1;
+				goto out;
+			}
 			/* Use new command line. */
 			free(command_line);
 			command_line = modified_cmdline;
@@ -267,10 +272,13 @@ int elf_x86_64_load(int argc, char **argv, const char *buf, off_t len,
 		elf_rel_set_symbol(&info->rhdr, "entry64_regs", &regs, sizeof(regs));
 	}
 	else {
-		die("Unknown argument style\n");
+		error_msg = "Unknown argument style\n";
 	}
 
+out:
 	free(command_line);
 	free(modified_cmdline);
-	return 0;
+	if (error_msg)
+		die(error_msg);
+	return result;
 }
-- 
1.7.1


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 01/13] kexec: fix possible memory leak in check_reuse_initrd

[Simon Horman]

On Mon, Mar 25, 2013 at 11:03:52PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> If the if test is ok, then it will call die() to exit the process,
> so freeing line will not be reached, causing memory leak. Fix this.

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 02/13] kexec: i386: bzImage: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:05:49PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 03/13] kexec: i386: elf: fix possible memory leak in elf_x86_load

[Simon Horman]

On Mon, Mar 25, 2013 at 11:07:49PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> In elf_x86_load, allocated memory may not be free'd if the code
> exits abnormally, by calling die() or return. So the patch fixes
> the possible memory leak.
> 
> This patch is also a preparation for patch04.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 04/13] kexec: i386: elf: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:09:01PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 05/13] kexec: i386: multiboot: fix possible memory leak in multiboot_x86_load

[Simon Horman]

On Mon, Mar 25, 2013 at 11:10:35PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> In multiboot_x86_load, allocated memory may not be free'd if the code
> exits abnormally, by calling return. So the patch fixes the possible
> memory leak.
> 
> Besides, remove some extra blank lines.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 06/13] kexec: i386: multiboot: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:11:29PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> ---
>  kexec/arch/i386/kexec-multiboot-x86.c |    9 ++++++---
>  1 files changed, 6 insertions(+), 3 deletions(-)

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 07/13] kexec: ppc: elf: fix possible memory leak in elf_ppc_load

[Simon Horman]

On Mon, Mar 25, 2013 at 11:12:51PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> In elf_ppc_load, allocated memory may not be free'd if the code
> exits abnormally, by calling die() or return. So the patch fixes
> the possible memory leak.
> 
> This patch is also a preparation for patch08.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 08/13] kexec: ppc: elf: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:13:40PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 09/13] kexec: ppc: uImage: fix possible memory leak in ppc_load_bare_bits

[Simon Horman]

On Mon, Mar 25, 2013 at 11:15:00PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> In ppc_load_bare_bits, allocated memory may not be free'd if the code
> exits abnormally, by calling die() or return. So the patch fixes
> the possible memory leak.
> 
> This patch is also a preparation for patch10.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 10/13] kexec: ppc: uImage: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:15:42PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 11/13] kexec: x86_64: bzImage64: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:16:34PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 12/13] kexec: x86_64: elf: fix memory leak caused by get_command_line

[Simon Horman]

On Mon, Mar 25, 2013 at 11:17:29PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> Since get_command_line returns dynamically allocated memory, it is
> easy for the caller to forget freeing the memory. Here fixes a
> memory leak caused by this function.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> ---
>  kexec/arch/x86_64/kexec-elf-x86_64.c |    7 +++++--
>  1 files changed, 5 insertions(+), 2 deletions(-)

Thanks, applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Re: [PATCH 13/13] kexec: x86_64: elf: fix possible memory leak in elf_x86_64_load

[Simon Horman]

On Mon, Mar 25, 2013 at 11:18:19PM +0800, Zhang Yanfei wrote:
> From: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
> 
> In elf_x86_64_load, allocated memory may not be free'd if the code
> exits abnormally, by calling die() or return. So the patch fixes
> the possible memory leak.
> 
> Signed-off-by: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>

Thanks applied.

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec