mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-04-29 10:34:22 -04:00
fd75f3694b
With CONFIG_DEBUG_SLAB=y:
# Subtest: input_core
1..3
input: Test input device as /devices/virtual/input/input1
8<--- cut here ---
Unable to handle kernel paging request at virtual address 6b6b6dd7 when read
...
__lock_acquire from lock_acquire+0x26c/0x300
lock_acquire from _raw_spin_lock_irqsave+0x50/0x64
_raw_spin_lock_irqsave from devres_remove+0x20/0x7c
devres_remove from devres_destroy+0x8/0x24
devres_destroy from input_free_device+0x2c/0x60
input_free_device from kunit_try_run_case+0x70/0x94 [kunit]
Without CONFIG_DEBUG_SLAB=y:
KTAP version 1
# Subtest: input_core
1..3
input: Test input device as /devices/virtual/input/input1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 694 at lib/refcount.c:28 refcount_warn_saturate+0x54/0x100
refcount_t: underflow; use-after-free.
...
Call Trace: [<0037cad4>] dump_stack+0xc/0x10
[<00377614>] __warn+0x7e/0xb4
[<0037768c>] warn_slowpath_fmt+0x42/0x62
[<001eee1c>] refcount_warn_saturate+0x54/0x100
[<000b1d34>] kfree_const+0x0/0x20
[<0036290a>] __kobject_del+0x0/0x6e
[<001eee1c>] refcount_warn_saturate+0x54/0x100
[<00362a1a>] kobject_put+0xa2/0xb6
[<11965770>] kunit_generic_run_threadfn_adapter+0x0/0x1c [kunit]
As per the comments for input_allocate_device() and
input_register_device(), input_free_device() must be called only to free
devices that have not been registered. input_unregister_device()
already calls input_put_device(), thus leading to a use-after-free.
Moreover, the kunit_suite.exit() method is called after every test case,
even on failures. As the test itself already does cleanups in its
failure paths, this may lead to a second use-after-free.
Fix the first issue by dropping the call to input_allocate_device() from
input_test_exit().
Fix the second issue by making the cleanup code conditional on a
successful test.
Fixes: fdefcbdd6f ("Input: Add KUnit tests for some of the input core helper functions")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://lore.kernel.org/r/957b3b309a44d39fb6e38b2a526b250f69ea3d2c.1683022164.git.geert+renesas@glider.be
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.