Re: [PATCH -next] lib: fix test_hmm.c reference after free

From: Ralph Campbell
Date: Thu Jun 18 2020 - 12:22:00 EST



On 6/17/20 10:31 PM, Randy Dunlap wrote:
From: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>

Coccinelle scripts report the following errors:

lib/test_hmm.c:523:20-26: ERROR: reference preceded by free on line 521
lib/test_hmm.c:524:21-27: ERROR: reference preceded by free on line 521
lib/test_hmm.c:523:28-35: ERROR: devmem is NULL but dereferenced.
lib/test_hmm.c:524:29-36: ERROR: devmem is NULL but dereferenced.

Fix these by using the local variable 'res' instead of devmem.

Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Cc: JÃrÃme Glisse <jglisse@xxxxxxxxxx>
Cc: linux-mm@xxxxxxxxx
Cc: Ralph Campbell <rcampbell@xxxxxxxxxx>
---
lib/test_hmm.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

--- linux-next-20200617.orig/lib/test_hmm.c
+++ linux-next-20200617/lib/test_hmm.c
@@ -520,8 +520,7 @@ static bool dmirror_allocate_chunk(struc
err_free:
kfree(devmem);
err_release:
- release_mem_region(devmem->pagemap.res.start,
- resource_size(&devmem->pagemap.res));
+ release_mem_region(res->start, resource_size(res));
err:
mutex_unlock(&mdevice->devmem_lock);
return false;


Thanks for fixing this!
Reviewed-by: Ralph Campbell <rcampbell@xxxxxxxxxx>