2021-01-15 12:42:02

by Greg Kroah-Hartman

Subject: [PATCH 5.10 086/103] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev

From: Xiaolei Wang <[email protected]>

commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.

After initializing the regmap through
syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
device, because the debugfs_name has been allocated, there is no
need to redistribute it again

unreferenced object 0xd8399b80 (size 64):
comm "swapper/0", pid 1, jiffies 4294937641 (age 278.590s)
hex dump (first 32 bytes):
64 75 6d 6d 79 2d 69 6f 6d 75 78 63 2d 67 70 72
dummy-iomuxc-gpr
40 32 30 65 34 30 30 30 00 7f 52 5b d8 7e 42 69
@20e4000..R[.~Bi
backtrace:
[<ca384d6f>] kasprintf+0x2c/0x54
[<6ad3bbc2>] regmap_debugfs_init+0xdc/0x2fc
[<bc4181da>] __regmap_init+0xc38/0xd88
[<1f7e0609>] of_syscon_register+0x168/0x294
[<735e8766>] device_node_get_regmap+0x6c/0x98
[<d96c8982>] imx6ul_init_machine+0x20/0x88
[<0456565b>] customize_machine+0x1c/0x30
[<d07393d8>] do_one_initcall+0x80/0x3ac
[<7e584867>] kernel_init_freeable+0x170/0x1f0
[<80074741>] kernel_init+0x8/0x120
[<285d6f28>] ret_from_fork+0x14/0x20
[<00000000>] 0x0

Fixes: 9b947a13e7f6 ("regmap: use debugfs even when no device")
Signed-off-by: Xiaolei Wang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/base/regmap/regmap-debugfs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)

--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -582,18 +582,25 @@ void regmap_debugfs_init(struct regmap *
devname = dev_name(map->dev);

if (name) {
- map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
+ if (!map->debugfs_name) {
+ map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
devname, name);
+ if (!map->debugfs_name)
+ return;
+ }
name = map->debugfs_name;
} else {
name = devname;
}

if (!strcmp(name, "dummy")) {
- kfree(map->debugfs_name);
+ if (!map->debugfs_name)
+ kfree(map->debugfs_name);

map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
dummy_index);
+ if (!map->debugfs_name)
+ return;
name = map->debugfs_name;
dummy_index++;
}
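
Review bot: in the `if (!strcmp(name, "dummy"))` branch the new guard `if (!map->debugfs_name)` in front of `kfree(map->debugfs_name)` is inverted. kfree() now runs only when the pointer is NULL, where it does nothing, so a name already held in map->debugfs_name is overwritten by the following kasprintf(GFP_KERNEL, "dummy%d", ...) without being freed. Drop the guard and call kfree(map->debugfs_name) unconditionally, since kfree(NULL) is a no-op, or test for a non-NULL pointer instead. Separately, the two new `return` statements on kasprintf failure leave regmap_debugfs_init() without creating any debugfs entry; a short comment saying this is intended would help the next reader.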



2021-01-15 20:21:00

by Pavel Machek

Subject: Re: [PATCH 5.10 086/103] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev

Hi!

> From: Xiaolei Wang <[email protected]>
>
> commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
>
> After initializing the regmap through
> syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> device, because the debugfs_name has been allocated, there is no
> need to redistribute it again

? redistribute?

Anyway, this patch is clearly buggy:

>
> if (!strcmp(name, "dummy")) {
> - kfree(map->debugfs_name);
> + if (!map->debugfs_name)
> + kfree(map->debugfs_name);
>

It runs kfree only if the variable is NULL. That's clearly useless,
kfree(NULL) is NOP, and this causes memory leak.

Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek



2021-01-15 20:24:46

by Nathan Chancellor

Subject: Re: [PATCH 5.10 086/103] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev

On Fri, Jan 15, 2021 at 09:18:19PM +0100, Pavel Machek wrote:
> Hi!
>
> > From: Xiaolei Wang <[email protected]>
> >
> > commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> >
> > After initializing the regmap through
> > syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> > device, because the debugfs_name has been allocated, there is no
> > need to redistribute it again
>
> ? redistribute?
>
> Anyway, this patch is clearly buggy:
>
> >
> > if (!strcmp(name, "dummy")) {
> > - kfree(map->debugfs_name);
> > + if (!map->debugfs_name)
> > + kfree(map->debugfs_name);
> >
>
> It runs kfree only if the variable is NULL. That's clearly useless,
> kfree(NULL) is NOP, and this causes memory leak.

Fixed by commit f6bcb4c7f366 ("regmap: debugfs: Fix a reversed if
statement in regmap_debugfs_init()") in mainline.

Cheers,
Nathan

2021-01-15 20:28:53

by Pavel Machek

Subject: Re: [PATCH 5.10 086/103] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev

Hi!

> > From: Xiaolei Wang <[email protected]>
> >
> > commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> >
> > After initializing the regmap through
> > syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> > device, because the debugfs_name has been allocated, there is no
> > need to redistribute it again
>
> ? redistribute?
>
> Anyway, this patch is clearly buggy:
>
> >
> > if (!strcmp(name, "dummy")) {
> > - kfree(map->debugfs_name);
> > + if (!map->debugfs_name)
> > + kfree(map->debugfs_name);
> >
>
> It runs kfree only if the variable is NULL. That's clearly useless,
> kfree(NULL) is NOP, and this causes memory leak.

103/ of the series fixes this up. Sorry for the noise...

Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek

