[5.10,086/103] regmap: debugfs: Fix a memory leak when calling regmap_attach_dev

From: Xiaolei Wang <xiaolei.wang@windriver.com>

commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.

After initializing the regmap through
syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
device, because the debugfs_name has been allocated, there is no
need to redistribute it again

unreferenced object 0xd8399b80 (size 64):
  comm "swapper/0", pid 1, jiffies 4294937641 (age 278.590s)
  hex dump (first 32 bytes):
	64 75 6d 6d 79 2d 69 6f 6d 75 78 63 2d 67 70 72
dummy-iomuxc-gpr
	40 32 30 65 34 30 30 30 00 7f 52 5b d8 7e 42 69
@20e4000..R[.~Bi
  backtrace:
    [<ca384d6f>] kasprintf+0x2c/0x54
    [<6ad3bbc2>] regmap_debugfs_init+0xdc/0x2fc
    [<bc4181da>] __regmap_init+0xc38/0xd88
    [<1f7e0609>] of_syscon_register+0x168/0x294
    [<735e8766>] device_node_get_regmap+0x6c/0x98
    [<d96c8982>] imx6ul_init_machine+0x20/0x88
    [<0456565b>] customize_machine+0x1c/0x30
    [<d07393d8>] do_one_initcall+0x80/0x3ac
    [<7e584867>] kernel_init_freeable+0x170/0x1f0
    [<80074741>] kernel_init+0x8/0x120
    [<285d6f28>] ret_from_fork+0x14/0x20
    [<00000000>] 0x0

Fixes: 9b947a13e7f6 ("regmap: use debugfs even when no device")
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Link: https://lore.kernel.org/r/20201229105046.41984-1-xiaolei.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/base/regmap/regmap-debugfs.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Hi!

> From: Xiaolei Wang <xiaolei.wang@windriver.com>
> 
> commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> 
> After initializing the regmap through
> syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> device, because the debugfs_name has been allocated, there is no
> need to redistribute it again

? redistribute?

Anyway, this patch is clearly buggy:

>  
>  	if (!strcmp(name, "dummy")) {
> -		kfree(map->debugfs_name);
> +		if (!map->debugfs_name)
> +			kfree(map->debugfs_name);
>  

It runs kfree only if the variable is NULL. That's clearly useless,
kfree(NULL) is NOP, and this causes memory leak.

Best regards,
								Pavel

On Fri, Jan 15, 2021 at 09:18:19PM +0100, Pavel Machek wrote:
> Hi!
> 
> > From: Xiaolei Wang <xiaolei.wang@windriver.com>
> > 
> > commit cffa4b2122f5f3e53cf3d529bbc74651f95856d5 upstream.
> > 
> > After initializing the regmap through
> > syscon_regmap_lookup_by_compatible, then regmap_attach_dev to the
> > device, because the debugfs_name has been allocated, there is no
> > need to redistribute it again
> 
> ? redistribute?
> 
> Anyway, this patch is clearly buggy:
> 
> >  
> >  	if (!strcmp(name, "dummy")) {
> > -		kfree(map->debugfs_name);
> > +		if (!map->debugfs_name)
> > +			kfree(map->debugfs_name);
> >  
> 
> It runs kfree only if the variable is NULL. That's clearly useless,
> kfree(NULL) is NOP, and this causes memory leak.

Fixed by commit f6bcb4c7f366 ("regmap: debugfs: Fix a reversed if
statement in regmap_debugfs_init()") in mainline.

Cheers,
Nathan