From: "Huang, Ying" <ying.huang@intel.com>
To: Kees Bakker <kees@ijzerbout.nl>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
linux-cxl@vger.kernel.org,
Dan Williams <dan.j.williams@intel.com>,
David Hildenbrand <david@redhat.com>,
Davidlohr Bueso <dave@stgolabs.net>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
Dave Jiang <dave.jiang@intel.com>,
Alison Schofield <alison.schofield@intel.com>,
Vishal Verma <vishal.l.verma@intel.com>,
Ira Weiny <ira.weiny@intel.com>,
Alistair Popple <apopple@nvidia.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Bjorn Helgaas <bhelgaas@google.com>, Baoquan He <bhe@redhat.com>
Subject: Re: [PATCH -v3 3/3] resource, kunit: Add test case for region_intersects()
Date: Mon, 30 Sep 2024 08:53:03 +0800 [thread overview]
Message-ID: <87ldzaotcg.fsf@yhuang6-desk2.ccr.corp.intel.com> (raw)
In-Reply-To: <9c9586ab-0426-46c1-bcc6-6ee2927b7a86@ijzerbout.nl> (Kees Bakker's message of "Sun, 29 Sep 2024 21:45:46 +0200")
Kees Bakker <kees@ijzerbout.nl> writes:
> Op 06-09-2024 om 05:07 schreef Huang Ying:
>> [...]
>> +static void resource_test_insert_resource(struct kunit *test, struct resource *parent,
>> + resource_size_t start, resource_size_t size,
>> + const char *name, unsigned long flags)
>> +{
>> + struct resource *res;
>> +
>> + res = kzalloc(sizeof(*res), GFP_KERNEL);
>> + KUNIT_ASSERT_NOT_NULL(test, res);
>> +
>> + res->name = name;
>> + res->start = start;
>> + res->end = start + size - 1;
>> + res->flags = flags;
>> + if (insert_resource(parent, res)) {
>> + kfree(res);
>> + KUNIT_FAIL_AND_ABORT(test, "Fail to insert resource %pR\n", res);
> Isn't this a user-after-free?
Good catch! Thanks for pointing this out. I should be more careful for
the error path.
>> + }
>> +
>> + kunit_add_action_or_reset(test, remove_free_resource, res);
This may cause use-after-free if failed to allocate memory for
add_action. Will fix this too.
>> +}
>>
--
Best Regards,
Huang, Ying
next prev parent reply other threads:[~2024-09-30 0:56 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-06 3:07 [PATCH -v3 0/3] resource: Fix region_intersects() vs add_memory_driver_managed() Huang Ying
2024-09-06 3:07 ` [PATCH -v3 1/3] " Huang Ying
2024-09-08 3:24 ` Andrew Morton
2024-09-09 0:57 ` Huang, Ying
2024-09-06 3:07 ` [PATCH -v3 2/3] resource: Make alloc_free_mem_region() works for iomem_resource Huang Ying
2024-09-09 7:04 ` David Hildenbrand
2024-09-09 7:07 ` Huang, Ying
2024-09-09 8:04 ` David Hildenbrand
2024-09-06 3:07 ` [PATCH -v3 3/3] resource, kunit: Add test case for region_intersects() Huang Ying
2024-09-29 19:45 ` Kees Bakker
2024-09-30 0:53 ` Huang, Ying [this message]
2024-09-30 17:36 ` Kees Bakker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ldzaotcg.fsf@yhuang6-desk2.ccr.corp.intel.com \
--to=ying.huang@intel.com \
--cc=akpm@linux-foundation.org \
--cc=alison.schofield@intel.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=apopple@nvidia.com \
--cc=bhe@redhat.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=dave@stgolabs.net \
--cc=david@redhat.com \
--cc=ira.weiny@intel.com \
--cc=jonathan.cameron@huawei.com \
--cc=kees@ijzerbout.nl \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox