Hi Xiaomeng,
On Sun, 27 Mar 2022 16:03:45 +0800 Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx> wrote:
> The bug is here:
> KUNIT_EXPECT_EQ(test, r->ar.start, start + i * expected_width);
> KUNIT_EXPECT_EQ(test, r->ar.end, end);
>
> For the damon_for_each_region(), just like list_for_each_entry(),
> the list iterator 'drm_crtc' will point to a bogus position
> containing HEAD if the list is empty or no element is found.
> This case must be checked before any use of the iterator,
> otherwise it will lead to a invalid memory access.
We ensure 'damon_va_evenly_split_region()' successes before executing the loop,
so the issue cannot occur. That said, I think this patch makes code better to
read. Could you please resend this patch after fixing the commit message?
>
> To fix this bug, just mov two KUNIT_EXPECT_EQ() into the loop
s/mov/move
> when found.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 044cd9750fe01 ("mm/damon/vaddr-test: split a test function having >1024 bytes frame size")
> Signed-off-by: Xiaomeng Tong <xiam0nd.tong@xxxxxxxxx>
> ---
> mm/damon/vaddr-test.h | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mm/damon/vaddr-test.h b/mm/damon/vaddr-test.h
> index 6a1b9272ea12..98b7a9f54b35 100644
> --- a/mm/damon/vaddr-test.h
> +++ b/mm/damon/vaddr-test.h
> @@ -281,14 +281,16 @@ static void damon_test_split_evenly_succ(struct kunit *test,
> KUNIT_EXPECT_EQ(test, damon_nr_regions(t), nr_pieces);
As mentioned above, this will ensure the loop will not result in the bogus
pointer problem.
>
> damon_for_each_region(r, t) {
> - if (i == nr_pieces - 1)
> + if (i == nr_pieces - 1) {
> + KUNIT_EXPECT_EQ(test,
> + r->ar.start, start + i * expected_width);
> + KUNIT_EXPECT_EQ(test, r->ar.end, end);
> break;
> + }
> KUNIT_EXPECT_EQ(test,
> r->ar.start, start + i++ * expected_width);
> KUNIT_EXPECT_EQ(test, r->ar.end, start + i * expected_width);
> }
> - KUNIT_EXPECT_EQ(test, r->ar.start, start + i * expected_width);
> - KUNIT_EXPECT_EQ(test, r->ar.end, end);
> damon_free_target(t);
> }
>
> --
> 2.17.1
>
>
Thanks,
SJ
