Subject: Re: [PATCH] kernel/resource: Fix return code check in __request_free_mem_region
To: Alistair Popple, akpm@linux-foundation.org
Cc: bsingharora@gmail.com, dan.j.williams@intel.com, daniel.vetter@ffwll.ch, gregkh@linuxfoundation.org, jglisse@redhat.com, jhubbard@nvidia.com, linux-mm@kvack.org, smuchun@gmail.com, linux-kernel@vger.kernel.org, kernel test robot
References: <20210512073528.22334-1-apopple@nvidia.com>
From: David Hildenbrand
Organization: Red Hat
Message-ID: <7f86af3c-15ba-6ad4-8f6e-1e814a6eac1f@redhat.com>
Date: Wed, 12 May 2021 14:16:41 +0200
In-Reply-To: <20210512073528.22334-1-apopple@nvidia.com>

On 12.05.21 09:35, Alistair Popple wrote:
> Splitting an earlier version of a patch that allowed calling
> __request_region() while holding the resource lock into a series of
> patches required changing the return code for the newly introduced
> __request_region_locked().
>
> Unfortunately this change was not carried through to a subsequent
> commit 56fd94919b8b ("kernel/resource: fix locking in
> request_free_mem_region") in the series. This resulted in a
> use-after-free due to freeing the struct resource without properly
> releasing it. Fix this by correcting the return code check so that the
> struct is not freed if the request to add it was successful.
> > Reported-by: kernel test robot > Fixes: 56fd94919b8b ("kernel/resource: fix locking in request_free_mem_region") > Signed-off-by: Alistair Popple > --- > kernel/resource.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/resource.c b/kernel/resource.c > index 028a5ab18818..ca9f5198a01f 100644 > --- a/kernel/resource.c > +++ b/kernel/resource.c > @@ -1805,7 +1805,7 @@ static struct resource *__request_free_mem_region(struct device *dev, > REGION_DISJOINT) > continue; > > - if (!__request_region_locked(res, &iomem_resource, addr, size, > + if (__request_region_locked(res, &iomem_resource, addr, size, > name, 0)) > break; > > Ouch, missed that, would have expected this pops up right away when testing. Reviewed-by: David Hildenbrand -- Thanks, David / dhildenb
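
Review bot: the changed condition in __request_free_mem_region() still tests the result of __request_region_locked() by bare truthiness, so the call site gives no hint of which convention applies, and that ambiguity is what let the changed return code go unnoticed in 56fd94919b8b according to the commit message. Consider making the failure case explicit at this call, for example by storing the result in a local and testing that before the `break`, or by adding a one-line comment above the `if` stating that a non-zero return means the request failed. A short kernel-doc comment on __request_region_locked() describing its return value would also help the next caller get the check the right way round.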