From: Xiaolei Wang <[email protected]>

commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.

After initializing the regmap through
syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
device, because the debugfs_name has been allocated, there is no
need to redistribute it again

unreferenced object 0xd8399b80 (size 64):
comm "swapper/0", pid 1, jiffies 4294937641 (age 278.590s)
hex dump (first 32 bytes):
64 75 6d 6d 79 2d 69 6f 6d 75 78 63 2d 67 70 72
dummy-iomuxc-gpr
40 32 30 65 34 30 30 30 00 7f 52 5b d8 7e 42 69
@20e4000..R[.~Bi
backtrace:
[<ca384d6f>] kasprintf+0x2c/0x54
[<6ad3bbc2>] regmap_debugfs_init+0xdc/0x2fc
[<bc4181da>] __regmap_init+0xc38/0xd88
[<1f7e0609>] of_syscon_register+0x168/0x294
[<735e8766>] device_node_get_regmap+0x6c/0x98
[<d96c8982>] imx6ul_init_machine+0x20/0x88
[<0456565b>] customize_machine+0x1c/0x30
[<d07393d8>] do_one_initcall+0x80/0x3ac
[<7e584867>] kernel_init_freeable+0x170/0x1f0
[<80074741>] kernel_init+0x8/0x120
[<285d6f28>] ret_from_fork+0x14/0x20
[<00000000>] 0x0
Fixes: 9b947a13e7f6 ("regmap: use debugfs even when no device")
Signed-off-by: Xiaolei Wang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/base/regmap/regmap-debugfs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -582,18 +582,25 @@ void regmap_debugfs_init(struct regmap *
devname = dev_name(map->dev);
if (name) {
- map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
+ if (!map->debugfs_name) {
+ map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
devname, name);
+ if (!map->debugfs_name)
+ return;
+ }
name = map->debugfs_name;
} else {
name = devname;
}
if (!strcmp(name, "dummy")) {
- kfree(map->debugfs_name);
+ if (!map->debugfs_name)
+ kfree(map->debugfs_name);
map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
dummy_index);
+ if (!map->debugfs_name)
+ return;
name = map->debugfs_name;
dummy_index++;
}
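Review bot: the NULL test guarding kfree() in the `if (!strcmp(name, "dummy"))` branch is inverted. `if (!map->debugfs_name) kfree(map->debugfs_name);` calls kfree() only when the pointer is already NULL, so a name allocated earlier (for instance by the kasprintf() in the `if (name)` branch above) is overwritten by the "dummy%d" allocation without being freed, which is a leak of the same kind the commit message reports. kfree(NULL) is a no-op, so the condition can simply be dropped and the original unconditional `kfree(map->debugfs_name);` kept. Separately, the two new `return;` paths taken when kasprintf() fails leave regmap_debugfs_init() silently; since the function returns void, a short comment or log message saying that debugfs setup was skipped would make the failure visible.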
Hi!
> From: Xiaolei Wang <[email protected]>
>
> commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
>
> After initializing the regmap through
> syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> device, because the debugfs_name has been allocated, there is no
> need to redistribute it again
? redistribute?
Anyway, this patch is clearly buggy:
>
> if (!strcmp(name, "dummy")) {
> - kfree(map->debugfs_name);
> + if (!map->debugfs_name)
> + kfree(map->debugfs_name);
>
It runs kfree only if the variable is NULL. That's clearly useless,
kfree(NULL) is NOP, and this causes memory leak.
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
On Fri, Jan 15, 2021 at 09:18:19PM +0100, Pavel Machek wrote:
> Hi!
>
> > From: Xiaolei Wang <[email protected]>
> >
> > commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> >
> > After initializing the regmap through
> > syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> > device, because the debugfs_name has been allocated, there is no
> > need to redistribute it again
>
> ? redistribute?
>
> Anyway, this patch is clearly buggy:
>
> >
> > if (!strcmp(name, "dummy")) {
> > - kfree(map->debugfs_name);
> > + if (!map->debugfs_name)
> > + kfree(map->debugfs_name);
> >
>
> It runs kfree only if the variable is NULL. That's clearly useless,
> kfree(NULL) is NOP, and this causes memory leak.
Fixed by commit f6bcb4c7f366 ("regmap: debugfs: Fix a reversed if
statement in regmap_debugfs_init()") in mainline.
Cheers,
Nathan
Hi!
> > From: Xiaolei Wang <[email protected]>
> >
> > commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> >
> > After initializing the regmap through
> > syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> > device, because the debugfs_name has been allocated, there is no
> > need to redistribute it again
>
> ? redistribute?
>
> Anyway, this patch is clearly buggy:
>
> >
> > if (!strcmp(name, "dummy")) {
> > - kfree(map->debugfs_name);
> > + if (!map->debugfs_name)
> > + kfree(map->debugfs_name);
> >
>
> It runs kfree only if the variable is NULL. That's clearly useless,
> kfree(NULL) is NOP, and this causes memory leak.
103/ of the series fixes this up. Sorry for the noise...
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek