From: Kees Bakker <kees@ijzerbout.nl>
To: "Huang, Ying" <ying.huang@intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
linux-cxl@vger.kernel.org,
Dan Williams <dan.j.williams@intel.com>,
David Hildenbrand <david@redhat.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
Dave Jiang <dave.jiang@intel.com>,
Alison Schofield <alison.schofield@intel.com>,
Vishal Verma <vishal.l.verma@intel.com>,
Ira Weiny <ira.weiny@intel.com>,
Alistair Popple <apopple@nvidia.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Bjorn Helgaas <bhelgaas@google.com>, Baoquan He <bhe@redhat.com>
Subject: Re: [PATCH -v3 3/3] resource, kunit: Add test case for region_intersects()
Date: Mon, 30 Sep 2024 19:36:22 +0200
Message-ID: <35130b82-0b6f-4468-83a2-084f188fcf5d@ijzerbout.nl>
In-Reply-To: <87ldzaotcg.fsf@yhuang6-desk2.ccr.corp.intel.com>
On 30-09-2024 at 02:53, Huang, Ying wrote:
> Kees Bakker <kees@ijzerbout.nl> writes:
>
>> On 06-09-2024 at 05:07, Huang Ying wrote:
>>> [...]
>>> +static void resource_test_insert_resource(struct kunit *test, struct resource *parent,
>>> + resource_size_t start, resource_size_t size,
>>> + const char *name, unsigned long flags)
>>> +{
>>> + struct resource *res;
>>> +
>>> + res = kzalloc(sizeof(*res), GFP_KERNEL);
>>> + KUNIT_ASSERT_NOT_NULL(test, res);
>>> +
>>> + res->name = name;
>>> + res->start = start;
>>> + res->end = start + size - 1;
>>> + res->flags = flags;
>>> + if (insert_resource(parent, res)) {
>>> + kfree(res);
>>> + KUNIT_FAIL_AND_ABORT(test, "Fail to insert resource %pR\n", res);
>> Isn't this a use-after-free?
> Good catch! Thanks for pointing this out. I should be more careful with
> the error path.
I have to be honest, it wasn't me who found this. It was Coverity.
>>> + }
>>> +
>>> + kunit_add_action_or_reset(test, remove_free_resource, res);
> This may cause a use-after-free if it fails to allocate memory for
> add_action. Will fix this too.
>
>>> +}
>>>
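Review bot: In the insert_resource() failure branch, kfree(res) runs before KUNIT_FAIL_AND_ABORT() formats res with %pR, so the failure message is built from freed memory. Moving the kfree() below the macro is not a fix on its own, since the abort does not return and the allocation would leak; build the message from the start and size arguments instead, or hand the allocation to test-managed cleanup before calling insert_resource(). The return value of kunit_add_action_or_reset() at the end of the function is also ignored: when registering the action fails, the helper runs remove_free_resource immediately, and the caller carries on as if res were still inserted, so the result should be asserted on.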
> --
> Best Regards,
> Huang, Ying