kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   6a701962a14ad3c48c13403201cdab8f9928942c
  2.   patches.suse
  3.   lib-fix-test_hmm-c-reference-after-free.patch
Blob Blame History Raw 
From: Randy Dunlap <rdunlap@infradead.org>
Date: Thu, 25 Jun 2020 20:29:43 -0700
Subject: lib: fix test_hmm.c reference after free
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 786ae133e07f2a6b352a0efad16b555ee45a2898
Patch-mainline: v5.8-rc3
References: jsc#SLE-16387

Coccinelle scripts report the following errors:

  lib/test_hmm.c:523:20-26: ERROR: reference preceded by free on line 521
  lib/test_hmm.c:524:21-27: ERROR: reference preceded by free on line 521
  lib/test_hmm.c:523:28-35: ERROR: devmem is NULL but dereferenced.
  lib/test_hmm.c:524:29-36: ERROR: devmem is NULL but dereferenced.

Fix these by using the local variable 'res' instead of devmem.

Link: http://lkml.kernel.org/r/c845c158-9c65-9665-0d0b-00342846dd07@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Ralph Campbell <rcampbell@nvidia.com>
Cc: Jérôme Glisse <jglisse@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
---
 lib/test_hmm.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/lib/test_hmm.c
+++ b/lib/test_hmm.c
@@ -520,8 +520,7 @@ static bool dmirror_allocate_chunk(struc
 err_free:
 	kfree(devmem);
 err_release:
-	release_mem_region(devmem->pagemap.res.start,
-			   resource_size(&devmem->pagemap.res));
+	release_mem_region(res->start, resource_size(res));
 err:
 	mutex_unlock(&mdevice->devmem_lock);
 	return false;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.