Re: [PATCH] mfd: syscon: Don't free allocated name for regmap_config

From: Tomi Valkeinen
Date: Tue Feb 16 2021 - 01:37:49 EST

Next message: Masahiro Yamada: "Re: [PATCH] gen_compile_commands: prune some directories"
Previous message: syzbot: "Re: INFO: task hung in nbd_ioctl (3)"
Next in thread: Marc Zyngier: "Re: [PATCH] mfd: syscon: Don't free allocated name for regmap_config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Marc,

On 03/09/2020 19:02, Marc Zyngier wrote:
> The name allocated for the regmap_config structure is freed
> pretty early, right after the registration of the MMIO region.
>
> Unfortunately, that doesn't follow the life cycle that debugfs
> expects, as it can access the name field long after the free
> has occured.
>
> Move the free on the error path, and keep it forever otherwise.
>
> Fixes: e15d7f2b81d2 ("mfd: syscon: Use a unique name with regmap_config")
> Signed-off-by: Marc Zyngier <maz@xxxxxxxxxx>
> ---
> drivers/mfd/syscon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
> index 75859e492984..7a660411c562 100644
> --- a/drivers/mfd/syscon.c
> +++ b/drivers/mfd/syscon.c
> @@ -108,7 +108,6 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> syscon_config.max_register = resource_size(&res) - reg_io_width;
>
> regmap = regmap_init_mmio(NULL, base, &syscon_config);
> - kfree(syscon_config.name);
> if (IS_ERR(regmap)) {
> pr_err("regmap init failed\n");
> ret = PTR_ERR(regmap);
> @@ -145,6 +144,7 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> regmap_exit(regmap);
> err_regmap:
> iounmap(base);
> + kfree(syscon_config.name);
> err_map:
> kfree(syscon);
> return ERR_PTR(ret);
>

This patch causes lots of kmemleak reports, for example:

unreferenced object 0xc8e6f000 (size 64):
comm "kworker/1:1", pid 22, jiffies 4294938454 (age 95.540s)
hex dump (first 32 bytes):
64 73 70 5f 73 79 73 74 65 6d 40 34 30 64 30 30 dsp_system@40d00
30 30 30 00 e0 09 4d c1 ac 1b 4d c1 64 74 4c c1 000...M...M.dtL.
backtrace:
[<(ptrval)>] __kmalloc_track_caller+0x2bc/0x418
[<(ptrval)>] kvasprintf+0x9c/0x124
[<(ptrval)>] kasprintf+0x70/0xac
[<(ptrval)>] of_syscon_register+0x1f0/0x4f0
[<(ptrval)>] device_node_get_regmap+0x12c/0x158
[<(ptrval)>] syscon_regmap_lookup_by_phandle+0x5c/0x6c
[<(ptrval)>] omap_iommu_probe+0x6ac/0xc28
[<(ptrval)>] platform_probe+0x120/0x1e0
[<(ptrval)>] really_probe+0x2b4/0x121c
[<(ptrval)>] driver_probe_device+0x10c/0x4c0
[<(ptrval)>] __device_attach_driver+0x1d8/0x26c
[<(ptrval)>] bus_for_each_drv+0x174/0x200
[<(ptrval)>] __device_attach+0x2f0/0x45c
[<(ptrval)>] device_initial_probe+0x1c/0x20
[<(ptrval)>] bus_probe_device+0x224/0x2b8
[<(ptrval)>] device_add+0xad0/0x1e18

Tomi

Next message: Masahiro Yamada: "Re: [PATCH] gen_compile_commands: prune some directories"
Previous message: syzbot: "Re: INFO: task hung in nbd_ioctl (3)"
Next in thread: Marc Zyngier: "Re: [PATCH] mfd: syscon: Don't free allocated name for regmap_config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]