On Sat, 26 Sep 2020 19:17:20 -0300 Jason Gunthorpe <jgg@xxxxxxxx> wrote:

> On Sat, Sep 26, 2020 at 03:14:02PM +0300, Dan Carpenter wrote:
> > The error handling code does this:
> >
> > err_free:
> >         kfree(devmem);
> >         ^^^^^^^^^^^^^
> > err_release:
> >         release_mem_region(devmem->pagemap.range.start, range_len(&devmem->pagemap.range));
> >                            ^^^^^^^^
> > The problem is that when we use "devmem->pagemap.range.start" the
> > "devmem" pointer is either NULL or freed.
> >
> > Neither the allocation nor the call to request_free_mem_region() has to
> > be done under the lock so I moved those to the start of the function.
> >
> > Fixes: 1f9c4bb986d9 ("mm/memremap_pages: convert to 'struct range'")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > Reviewed-by: Ralph Campbell <rcampbell@xxxxxxxxxx>
> > ---
> > v2: The first version introduced a locking bug
> > v3: Markus Elfring pointed out that the Fixes tag was wrong. This bug
> > was in the original commit and then fixed and then re-introduced. I was
> > quite bothered by how this bug lasted so long in the source code, but
> > now we know. As soon as it is introduced we fixed it.
> >
> > One problem with the kernel QC process is that I think everyone marks
> > the bug as "old/dealt with" so it was only because I added a new
> > check for resource leaks that it was found when it was re-introduced.
> >
> >  lib/test_hmm.c | 44 ++++++++++++++++++++++----------------------
> >  1 file changed, 22 insertions(+), 22 deletions(-)
>
> Hi Andrew,
>
> I don't have any hmm related patches this cycle, can you take
> this into your tree?
>
> Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>

Thanks. It's actually a fix against Dan Williams' -mm patch
"mm/memremap_pages: convert to 'struct range'"