From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 092ABC433EF for ; Mon, 28 Mar 2022 07:51:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 678458D0002; Mon, 28 Mar 2022 03:51:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6279D8D0001; Mon, 28 Mar 2022 03:51:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 517278D0002; Mon, 28 Mar 2022 03:51:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0023.hostedemail.com [216.40.44.23]) by kanga.kvack.org (Postfix) with ESMTP id 4238B8D0001 for ; Mon, 28 Mar 2022 03:51:12 -0400 (EDT) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id D8DB2A22FA for ; Mon, 28 Mar 2022 07:51:11 +0000 (UTC) X-FDA: 79293024342.27.0B79594 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf04.hostedemail.com (Postfix) with ESMTP id 5F13A40040 for ; Mon, 28 Mar 2022 07:51:11 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ED8CCB80E76; Mon, 28 Mar 2022 07:51:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D9CEC004DD; Mon, 28 Mar 2022 07:51:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1648453867; bh=+JP5Ab1oWpqS8fzwyXV7SypqA8884zZbHeYFiDOUYbg=; h=From:To:Cc:Subject:Date:In-Reply-To:From; b=g9VuNeim6joiptQyzGGlTwbrBJQBHdctKG6oRM0jRe1VX0NJtCshIKkdWYVGjPZ4+ XXzzmE4Fzok/ffsHEJLyeqpKnFXxLftxIU/U78JmBqoSsW5plU9xnDOirD5Pq6jdTc 2u3YtpjgKL3p1uq2PWefOEmCvndNcIUEfA9i6JZEpJ6de1MFEQClXZL0fl+36O+v3d Rnr2SEcVbmirNVC4QGXeONOWn32wOesViauO0u5MatbM4A7qpcSUjIRVVTm7OdKz5j 7vkPuvKBjN6JiJSEgR6W8XGycvTod39XKTuHHITwEuUGmGIMjOKaHCY1ByBzWIW8hf Ea16OCChdMx0Q== From: sj@kernel.org To: Xiaomeng Tong Cc: sj@kernel.org, akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] damon: vaddr-test: fix a missing check on list iterator Date: Mon, 28 Mar 2022 07:51:04 +0000 Message-Id: <20220328075104.31125-1-sj@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220327080345.12295-1-xiam0nd.tong@gmail.com> X-Stat-Signature: z4uxiyok4rxzsqd3f1jo3fa1s6uqaawc Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=g9VuNeim; spf=pass (imf04.hostedemail.com: domain of sj@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=sj@kernel.org; dmarc=pass (policy=none) header.from=kernel.org X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 5F13A40040 X-HE-Tag: 1648453871-916280 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Xiaomeng, On Sun, 27 Mar 2022 16:03:45 +0800 Xiaomeng Tong wrote: > The bug is here: > KUNIT_EXPECT_EQ(test, r->ar.start, start + i * expected_width); > KUNIT_EXPECT_EQ(test, r->ar.end, end); > > For the damon_for_each_region(), just like list_for_each_entry(), > the list iterator 'drm_crtc' will point to a bogus position > containing HEAD if the list is empty or no element is found. > This case must be checked before any use of the iterator, > otherwise it will lead to a invalid memory access. We ensure 'damon_va_evenly_split_region()' successes before executing the loop, so the issue cannot occur. That said, I think this patch makes code better to read. Could you please resend this patch after fixing the commit message? > > To fix this bug, just mov two KUNIT_EXPECT_EQ() into the loop s/mov/move > when found. > > Cc: stable@vger.kernel.org > Fixes: 044cd9750fe01 ("mm/damon/vaddr-test: split a test function having >1024 bytes frame size") > Signed-off-by: Xiaomeng Tong > --- > mm/damon/vaddr-test.h | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/mm/damon/vaddr-test.h b/mm/damon/vaddr-test.h > index 6a1b9272ea12..98b7a9f54b35 100644 > --- a/mm/damon/vaddr-test.h > +++ b/mm/damon/vaddr-test.h > @@ -281,14 +281,16 @@ static void damon_test_split_evenly_succ(struct kunit *test, > KUNIT_EXPECT_EQ(test, damon_nr_regions(t), nr_pieces); As mentioned above, this will ensure the loop will not result in the bogus pointer problem. > > damon_for_each_region(r, t) { > - if (i == nr_pieces - 1) > + if (i == nr_pieces - 1) { > + KUNIT_EXPECT_EQ(test, > + r->ar.start, start + i * expected_width); > + KUNIT_EXPECT_EQ(test, r->ar.end, end); > break; > + } > KUNIT_EXPECT_EQ(test, > r->ar.start, start + i++ * expected_width); > KUNIT_EXPECT_EQ(test, r->ar.end, start + i * expected_width); > } > - KUNIT_EXPECT_EQ(test, r->ar.start, start + i * expected_width); > - KUNIT_EXPECT_EQ(test, r->ar.end, end); > damon_free_target(t); > } > > -- > 2.17.1 > > Thanks, SJ