Op 30-09-2024 om 02:53 schreef Huang, Ying:
Kees Bakker <kees@xxxxxxxxxxxx> writes:
Op 06-09-2024 om 05:07 schreef Huang Ying:
[...]
+static void resource_test_insert_resource(struct kunit *test, struct resource *parent,
+ resource_size_t start, resource_size_t size,
+ const char *name, unsigned long flags)
+{
+ struct resource *res;
+
+ res = kzalloc(sizeof(*res), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_NULL(test, res);
+
+ res->name = name;
+ res->start = start;
+ res->end = start + size - 1;
+ res->flags = flags;
+ if (insert_resource(parent, res)) {
+ kfree(res);
+ KUNIT_FAIL_AND_ABORT(test, "Fail to insert resource %pR\n", res);
Isn't this a user-after-free?
Good catch! Thanks for pointing this out. I should be more careful for
the error path.
I have to honest, it wasn't me who found this. It was Coverity.
+ }
+
+ kunit_add_action_or_reset(test, remove_free_resource, res);
This may cause use-after-free if failed to allocate memory for
add_action. Will fix this too.
+}
--
Best Regards,
Huang, Ying
