From: Marc Zyngier <maz@kernel.org>
To: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Cc: linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, kernel-team@android.com,
Lee Jones <lee.jones@linaro.org>, Arnd Bergmann <arnd@arndb.de>,
Suman Anna <s-anna@ti.com>
Subject: Re: [PATCH] mfd: syscon: Don't free allocated name for regmap_config
Date: Tue, 16 Feb 2021 08:42:10 +0000 [thread overview]
Message-ID: <87pn10pfod.wl-maz@kernel.org> (raw)
In-Reply-To: <d35d3960-c2a6-491d-fd1a-cf3aa95ce109@ideasonboard.com>
Hi Tomi,
On Tue, 16 Feb 2021 06:34:50 +0000,
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com> wrote:
>
> Hi Marc,
>
> On 03/09/2020 19:02, Marc Zyngier wrote:
> > The name allocated for the regmap_config structure is freed
> > pretty early, right after the registration of the MMIO region.
> >
> > Unfortunately, that doesn't follow the life cycle that debugfs
> > expects, as it can access the name field long after the free
> > has occured.
> >
> > Move the free on the error path, and keep it forever otherwise.
> >
> > Fixes: e15d7f2b81d2 ("mfd: syscon: Use a unique name with regmap_config")
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > drivers/mfd/syscon.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
> > index 75859e492984..7a660411c562 100644
> > --- a/drivers/mfd/syscon.c
> > +++ b/drivers/mfd/syscon.c
> > @@ -108,7 +108,6 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> > syscon_config.max_register = resource_size(&res) - reg_io_width;
> >
> > regmap = regmap_init_mmio(NULL, base, &syscon_config);
> > - kfree(syscon_config.name);
> > if (IS_ERR(regmap)) {
> > pr_err("regmap init failed\n");
> > ret = PTR_ERR(regmap);
> > @@ -145,6 +144,7 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> > regmap_exit(regmap);
> > err_regmap:
> > iounmap(base);
> > + kfree(syscon_config.name);
> > err_map:
> > kfree(syscon);
> > return ERR_PTR(ret);
> >
>
> This patch causes lots of kmemleak reports, for example:
It may trigger some kmemleak reports, but at the time it was written,
this patch avoided some very nasty memory corruption with debugfs. The
problem is that the memory management responsibilities between syscon,
regmap and debugfs are rather obscure.
If you can come up with an accurate description of the life cycle of
syscon_config.name across these 3 subsystems, we may be able to fix it
for good.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
WARNING: multiple messages have this Message-ID (diff)
From: Marc Zyngier <maz@kernel.org>
To: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
kernel-team@android.com, linux-kernel@vger.kernel.org,
Suman Anna <s-anna@ti.com>, Lee Jones <lee.jones@linaro.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] mfd: syscon: Don't free allocated name for regmap_config
Date: Tue, 16 Feb 2021 08:42:10 +0000 [thread overview]
Message-ID: <87pn10pfod.wl-maz@kernel.org> (raw)
In-Reply-To: <d35d3960-c2a6-491d-fd1a-cf3aa95ce109@ideasonboard.com>
Hi Tomi,
On Tue, 16 Feb 2021 06:34:50 +0000,
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com> wrote:
>
> Hi Marc,
>
> On 03/09/2020 19:02, Marc Zyngier wrote:
> > The name allocated for the regmap_config structure is freed
> > pretty early, right after the registration of the MMIO region.
> >
> > Unfortunately, that doesn't follow the life cycle that debugfs
> > expects, as it can access the name field long after the free
> > has occured.
> >
> > Move the free on the error path, and keep it forever otherwise.
> >
> > Fixes: e15d7f2b81d2 ("mfd: syscon: Use a unique name with regmap_config")
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > ---
> > drivers/mfd/syscon.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/mfd/syscon.c b/drivers/mfd/syscon.c
> > index 75859e492984..7a660411c562 100644
> > --- a/drivers/mfd/syscon.c
> > +++ b/drivers/mfd/syscon.c
> > @@ -108,7 +108,6 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> > syscon_config.max_register = resource_size(&res) - reg_io_width;
> >
> > regmap = regmap_init_mmio(NULL, base, &syscon_config);
> > - kfree(syscon_config.name);
> > if (IS_ERR(regmap)) {
> > pr_err("regmap init failed\n");
> > ret = PTR_ERR(regmap);
> > @@ -145,6 +144,7 @@ static struct syscon *of_syscon_register(struct device_node *np, bool check_clk)
> > regmap_exit(regmap);
> > err_regmap:
> > iounmap(base);
> > + kfree(syscon_config.name);
> > err_map:
> > kfree(syscon);
> > return ERR_PTR(ret);
> >
>
> This patch causes lots of kmemleak reports, for example:
It may trigger some kmemleak reports, but at the time it was written,
this patch avoided some very nasty memory corruption with debugfs. The
problem is that the memory management responsibilities between syscon,
regmap and debugfs are rather obscure.
If you can come up with an accurate description of the life cycle of
syscon_config.name across these 3 subsystems, we may be able to fix it
for good.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-16 8:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-03 16:02 [PATCH] mfd: syscon: Don't free allocated name for regmap_config Marc Zyngier
2020-09-03 16:02 ` Marc Zyngier
2020-09-08 8:22 ` Lee Jones
2020-09-08 8:22 ` Lee Jones
2020-09-24 12:39 ` Lee Jones
2020-09-24 12:39 ` Lee Jones
2020-09-26 0:28 ` Suman Anna
2020-09-26 0:28 ` Suman Anna
2020-09-28 9:19 ` Lee Jones
2020-09-28 9:19 ` Lee Jones
2021-02-16 6:34 ` Tomi Valkeinen
2021-02-16 6:34 ` Tomi Valkeinen
2021-02-16 8:42 ` Marc Zyngier [this message]
2021-02-16 8:42 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pn10pfod.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=arnd@arndb.de \
--cc=kernel-team@android.com \
--cc=lee.jones@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=s-anna@ti.com \
--cc=tomi.valkeinen@ideasonboard.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.