module: release codetag section when module load fails

commit 221fcbf77578826fad8f4bfa0530b5b55bf9676a upstream.

When module load fails after memory for codetag section is ready, codetag
section memory will not be properly released.  This causes memory leak,
and if next module load happens to get the same module address, codetag
may pick the uninitialized section when manipulating tags during module
unload, and leads to "unable to handle page fault" BUG.

Link: https://lkml.kernel.org/r/20250519163823.7540-1-00107082@163.com
Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory")
Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/
Signed-off-by: David Wang <00107082@163.com>
Acked-by: Suren Baghdasaryan <surenb@google.com>
Cc: Petr Pavlu <petr.pavlu@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/module/main.c b/kernel/module/main.c
index 1fb9ad289a6f8f328fc37c6d93730882d0e6e613..738ecfa7e6657c247677097aeed80a2cff4c2544 100644 (file)
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2852,6 +2852,7 @@ static void module_deallocate(struct module *mod, struct load_info *info)
 {
        percpu_modfree(mod);
        module_arch_freeing_init(mod);
+       codetag_free_module_sections(mod);
 
        free_mod_mem(mod);
 }