Re: [PATCH v2] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-24 Thread Ralph Campbell
On 9/24/20 6:46 AM, Dan Carpenter wrote:
> The error handling code does this:
>
> err_free:
>     kfree(devmem);
>           ^
> err_release:
>     release_mem_region(devmem->pagemap.range.start, range_len(&devmem->pagemap.range));
>
> The problem is that when

[PATCH v2] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-24 Thread Dan Carpenter
The error handling code does this:

err_free:
    kfree(devmem);
          ^
err_release:
    release_mem_region(devmem->pagemap.range.start, range_len(&devmem->pagemap.range));

The problem is that when we use "devmem->pagemap.range.start" the