Re: [PATCH v3] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-28 Thread Dan Williams
On Mon, Sep 28, 2020 at 5:52 PM Andrew Morton wrote:
>
> On Sat, 26 Sep 2020 19:17:20 -0300 Jason Gunthorpe wrote:
>
> > On Sat, Sep 26, 2020 at 03:14:02PM +0300, Dan Carpenter wrote:
> > > The error handling code does this:
> > >
> > > err_free:
> > > kfree(devmem);
> > >

Re: [PATCH v3] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-28 Thread Andrew Morton
On Sat, 26 Sep 2020 19:17:20 -0300 Jason Gunthorpe wrote:
> On Sat, Sep 26, 2020 at 03:14:02PM +0300, Dan Carpenter wrote:
> > The error handling code does this:
> >
> > err_free:
> > kfree(devmem);
> > ^
> > err_release:
> >

Re: [PATCH v3] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-26 Thread Jason Gunthorpe
On Sat, Sep 26, 2020 at 03:14:02PM +0300, Dan Carpenter wrote:
> The error handling code does this:
>
> err_free:
> kfree(devmem);
> ^
> err_release:
> release_mem_region(devmem->pagemap.range.start,
> range_len(&devmem->pagemap.range));
>

[PATCH v3] mm/hmm/test: use after free in dmirror_allocate_chunk()

2020-09-26 Thread Dan Carpenter
The error handling code does this:

err_free:
kfree(devmem);
^
err_release:
release_mem_region(devmem->pagemap.range.start,
range_len(&devmem->pagemap.range));

The problem is that when we use "devmem->pagemap.range.start" the