Received: by 2002:a05:7412:37c9:b0:e2:908c:2ebd with SMTP id jz9csp1215358rdb; Wed, 20 Sep 2023 03:04:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH2MIW3JlqfSyhz2RCqttMHrccL2TTevIzureGQbkTtPqxvH5hKwJIraTDJKLQjZft/a5Ma X-Received: by 2002:a17:902:e545:b0:1c3:2c2f:1132 with SMTP id n5-20020a170902e54500b001c32c2f1132mr1827880plf.54.1695204266625; Wed, 20 Sep 2023 03:04:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695204266; cv=none; d=google.com; s=arc-20160816; b=YS3kbHyhDINGkAU/+iJLDWs5AssAbsfjQMbQ1r2XQbiD0+beVwbllFX82VaomvgNgy ZX4bzdA+/gUWOSRVFYRS7X7AEkRmvnPGUJj7TTIgC9TP25AfzseBrmoXKKLnUHBmZ1H8 Z+wRHWLbQzc4mgalGnO8QumOgYd0PuJxY1azbYoZhF6n6eF6guXbZ3UBGj/dut+085pG KlD7c05w0tZkK9VmIHRbdidFXWT1/YKzBC/2F8TKvHzzn0Qwe7RUmO38+100ID0S4rIM 7y7w+pLPUF3LjgxuDmMQxENrm/IYks0EtbbQdkWNIa5KSYLX0u98rbLkEGVlf4XBfdsb c12g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=m2alIk/GG+uCE26xwVYOHgUv6so4vjw1+eTlNkLeC2Q=; fh=fKawFa2YyhiNtmBUWJyXPPFKAYTFYbgxUOXBfiSj/go=; b=QYsduT4bwRoRrUrkCzJMa+Al5vZ7jlOhPlZ+8mSJfpHenAXCuUvLnuLitWyNIDTiD6 4jDN1LUZnf2Axxq3wYIaCP3W8/EioN6KTm+ReNGKWaA0P+QIp7oXDy0UYX3QCCGWPpcw bi5wIkLBVVyXsir9UQ9klaYdCE1+HqnjeCY/RAJIKX6t876ZM6dxkFBAgmFslvwzht9m IJzTWMPSw8ZskTYrouL54x4u6TqH0sCzWHCGmzGyyl6pz+kgyNZ5gefI2MbYEqXWqjx5 WFDguWSWkUWudyMNvhSx/FgSDss7d/5RGy072x9RJ/LC/ZP6V7WeJrDnQl3tCtOo9TD0 UrYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@riseup.net header.s=squak header.b=mxVnSags; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=riseup.net Return-Path: Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id s4-20020a170902ea0400b001bc650255b6si12036691plg.390.2023.09.20.03.03.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Sep 2023 03:04:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@riseup.net header.s=squak header.b=mxVnSags; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=riseup.net Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id ACA32821FD31; Tue, 19 Sep 2023 23:12:24 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233106AbjITGMS (ORCPT + 99 others); Wed, 20 Sep 2023 02:12:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37074 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233071AbjITGMP (ORCPT ); Wed, 20 Sep 2023 02:12:15 -0400 Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 300B7AB for ; Tue, 19 Sep 2023 23:12:10 -0700 (PDT) Received: from fews01-sea.riseup.net (fews01-sea-pn.riseup.net [10.0.1.109]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx1.riseup.net (Postfix) with ESMTPS id 4Rr7V14hLXzDqXw; Wed, 20 Sep 2023 06:12:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1695190329; bh=fUAP3DnfFB5U+52Bq5MafLAeg1adG6y6vZPwxErgpnE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mxVnSagskHPKGda5g+dzvx0XWWSTwd6KsrXa98MqQTX9LOanbiyDIwORS147uhHbz G8Za8Fjqkier2oLBbKmouRLrH0p4mhPucBGWjrd9bV0hQJCqsc3458NAwrNfNspT+u 5abRqFObzentGQudSo2PeuLDUx5M5cz0n4jATrd4= X-Riseup-User-ID: 9CDC494F409216343264C4271203D1F47C7D971762D24FC87C32E712B32E6123 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews01-sea.riseup.net (Postfix) with ESMTPSA id 4Rr7Tx5vTyzJq7x; Wed, 20 Sep 2023 06:12:05 +0000 (UTC) From: Arthur Grillo Date: Wed, 20 Sep 2023 03:11:37 -0300 Subject: [PATCH 2/3] kunit: Add kunit_move_action_to_top_or_reset() to reorder actions MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20230920-kunit-kasan-fixes-v1-2-1a0fc261832d@riseup.net> References: <20230920-kunit-kasan-fixes-v1-0-1a0fc261832d@riseup.net> In-Reply-To: <20230920-kunit-kasan-fixes-v1-0-1a0fc261832d@riseup.net> To: David Airlie , Daniel Vetter , Maxime Ripard , Javier Martinez Canillas , Brendan Higgins , David Gow Cc: tales.aparecida@gmail.com, andrealmeid@riseup.net, mairacanal@riseup.net, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, kunit-dev@googlegroups.com, Arthur Grillo X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Tue, 19 Sep 2023 23:12:25 -0700 (PDT) On Kunit, if we allocate a resource A and B on this order, with its deferred actions to free them. The resource stack would be something like this: +---------+ | free(B) | +---------+ | ... | +---------+ | free(A) | +---------+ If the deferred action of A accesses B, this would cause a use-after-free bug. To solve that, we need a way to change the order of actions. Create a function to move an action to the top of the resource stack, as shown in the diagram below. +---------+ +---------+ | free(B) | | free(A) | +---------+ +---------+ | ... | -> | free(B) | +---------+ +---------+ | free(A) | | ... | +---------+ +---------+ Signed-off-by: Arthur Grillo --- include/kunit/resource.h | 17 +++++++++++++++++ lib/kunit/resource.c | 19 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/include/kunit/resource.h b/include/kunit/resource.h index c7383e90f5c9..c598b23680e3 100644 --- a/include/kunit/resource.h +++ b/include/kunit/resource.h @@ -479,4 +479,21 @@ void kunit_remove_action(struct kunit *test, void kunit_release_action(struct kunit *test, kunit_action_t *action, void *ctx); + +/** + * kunit_move_action_to_top_or_reset - Move a previously added action to the top + * of the order of actions calls. + * @test: Test case to associate the action with. + * @action: The function to run on test exit + * @ctx: Data passed into @func + * + * Reorder the action stack, by moving the desired action to the top. + * + * Returns: + * 0 on success, an error if the action could not be inserted on the top. + */ +int kunit_move_action_to_top_or_reset(struct kunit *test, + kunit_action_t *action, + void *ctx); + #endif /* _KUNIT_RESOURCE_H */ diff --git a/lib/kunit/resource.c b/lib/kunit/resource.c index f0209252b179..fe40a34b62a6 100644 --- a/lib/kunit/resource.c +++ b/lib/kunit/resource.c @@ -176,3 +176,22 @@ void kunit_release_action(struct kunit *test, } } EXPORT_SYMBOL_GPL(kunit_release_action); + +int kunit_move_action_to_top_or_reset(struct kunit *test, + kunit_action_t *action, + void *ctx) +{ + struct kunit_action_ctx match_ctx; + struct kunit_resource *res; + + match_ctx.func = action; + match_ctx.ctx = ctx; + res = kunit_find_resource(test, __kunit_action_match, &match_ctx); + if (res) { + kunit_remove_action(test, action, ctx); + return kunit_add_action_or_reset(test, action, ctx); + } + + return 0; +} +EXPORT_SYMBOL_GPL(kunit_move_action_to_top_or_reset); -- 2.41.0