www.infradead.org Git - users/hch/misc.git/commit

author	Huang Ying <ying.huang@intel.com>
	Mon, 30 Sep 2024 07:06:11 +0000 (15:06 +0800)
committer	Andrew Morton <akpm@linux-foundation.org>
	Wed, 9 Oct 2024 19:47:19 +0000 (12:47 -0700)
commit	0665d7a39bdf92c8ac3dc390501f303907c87f62
tree	760b1297c514385b937c2367fb8a1e2532ffdbf6	tree
parent	3d5854d75e3187147613130561b58f0b06166172	commit \| diff

resource, kunit: fix user-after-free in resource_test_region_intersects()

In resource_test_insert_resource(), the pointer is used in error message
after kfree().  This is user-after-free.  To fix this, we need to call
kunit_add_action_or_reset() to schedule memory freeing after usage.  But
kunit_add_action_or_reset() itself may fail and free the memory.  So, its
return value should be checked and abort the test for failure.  Then, we
found that other usage of kunit_add_action_or_reset() in
resource_test_region_intersects() needs to be fixed too.  We fix all these
user-after-free bugs in this patch.

Link: https://lkml.kernel.org/r/20240930070611.353338-1-ying.huang@intel.com
Fixes: 99185c10d5d9 ("resource, kunit: add test case for region_intersects()")
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reported-by: Kees Bakker <kees@ijzerbout.nl>
Closes: https://lore.kernel.org/lkml/87ldzaotcg.fsf@yhuang6-desk2.ccr.corp.intel.com/
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>