| Message ID | c845c158-9c65-9665-0d0b-00342846dd07@infradead.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [-next] lib: fix test_hmm.c reference after free | expand |
On 6/17/20 10:31 PM, Randy Dunlap wrote: > From: Randy Dunlap <rdunlap@infradead.org> > > Coccinelle scripts report the following errors: > > lib/test_hmm.c:523:20-26: ERROR: reference preceded by free on line 521 > lib/test_hmm.c:524:21-27: ERROR: reference preceded by free on line 521 > lib/test_hmm.c:523:28-35: ERROR: devmem is NULL but dereferenced. > lib/test_hmm.c:524:29-36: ERROR: devmem is NULL but dereferenced. > > Fix these by using the local variable 'res' instead of devmem. > > Signed-off-by: Randy Dunlap <rdunlap@infradead.org> > Cc: Jérôme Glisse <jglisse@redhat.com> > Cc: linux-mm@kvack.org > Cc: Ralph Campbell <rcampbell@nvidia.com> > --- > lib/test_hmm.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > --- linux-next-20200617.orig/lib/test_hmm.c > +++ linux-next-20200617/lib/test_hmm.c > @@ -520,8 +520,7 @@ static bool dmirror_allocate_chunk(struc > err_free: > kfree(devmem); > err_release: > - release_mem_region(devmem->pagemap.res.start, > - resource_size(&devmem->pagemap.res)); > + release_mem_region(res->start, resource_size(res)); > err: > mutex_unlock(&mdevice->devmem_lock); > return false; > Thanks for fixing this! Reviewed-by: Ralph Campbell <rcampbell@nvidia.com>
--- linux-next-20200617.orig/lib/test_hmm.c +++ linux-next-20200617/lib/test_hmm.c @@ -520,8 +520,7 @@ static bool dmirror_allocate_chunk(struc err_free: kfree(devmem); err_release: - release_mem_region(devmem->pagemap.res.start, - resource_size(&devmem->pagemap.res)); + release_mem_region(res->start, resource_size(res)); err: mutex_unlock(&mdevice->devmem_lock); return false;