Kees Bakker <kees@xxxxxxxxxxxx> writes:
On 06-09-2024 at 05:07, Huang Ying wrote:
[...]
+static void resource_test_insert_resource(struct kunit *test, struct resource *parent,
+ resource_size_t start, resource_size_t size,
+ const char *name, unsigned long flags)
+{
+ struct resource *res;
+
+ res = kzalloc(sizeof(*res), GFP_KERNEL);
+ KUNIT_ASSERT_NOT_NULL(test, res);
+
+ res->name = name;
+ res->start = start;
+ res->end = start + size - 1;
+ res->flags = flags;
+ if (insert_resource(parent, res)) {
+ kfree(res);
+ KUNIT_FAIL_AND_ABORT(test, "Fail to insert resource %pR\n", res);

Isn't this a use-after-free?

Good catch! Thanks for pointing this out. I should be more careful for the error path.

I have to be honest, it wasn't me who found this. It was Coverity.
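
Review bot: in the `insert_resource()` failure branch, `res` is passed to `%pR` in `KUNIT_FAIL_AND_ABORT()` after `kfree(res)` has already run, so formatting the failure message reads freed memory. Nothing placed after the abort will execute, so keep the `kfree()` where it is and build the message from the `start` and `size` arguments (or `name`) instead of dereferencing `res`. Separately, `res->end = start + size - 1` wraps when `size` is 0; asserting a non-zero `size` at the top of the helper would make a bad test entry fail clearly.
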
+ }
+
+ kunit_add_action_or_reset(test, remove_free_resource, res);

This may cause use-after-free if it fails to allocate memory for add_action. Will fix this too.

+}

--
Best Regards,
Huang, Ying
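
Review bot: the return value of `kunit_add_action_or_reset()` on the last statement of the helper is ignored. When registering the action fails, KUnit runs the action immediately, so `remove_free_resource` (which by its name removes and frees `res`) has already executed while the test continues as if the resource were still inserted under `parent`. Check the result, for example `KUNIT_ASSERT_EQ(test, 0, kunit_add_action_or_reset(test, remove_free_resource, res));`, so the test aborts at that point instead of running against a tree that no longer holds the resource.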