From 5f6f9a051dc0019658bbf6e42517314e8e6c6ddf Mon Sep 17 00:00:00 2001 From: Daniel Baluta Date: Fri, 17 May 2019 16:07:35 +0300 Subject: [PATCH] regmap: debugfs: Fix memory leak in regmap_debugfs_init Content-Type: text/plain; charset="iso-8859-1" As detected by kmemleak running on i.MX6ULL board: nreferenced object 0xd8366600 (size 64): comm "swapper/0", pid 1, jiffies 4294937370 (age 933.220s) hex dump (first 32 bytes): 64 75 6d 6d 79 2d 69 6f 6d 75 78 63 2d 67 70 72 dummy-iomuxc-gpr 40 32 30 65 34 30 30 30 00 e3 f3 ab fe d1 1b dd @20e4000........ backtrace: [] kasprintf+0x2c/0x54 [] regmap_debugfs_init+0x7c/0x31c [<9c8d91fa>] __regmap_init+0xb5c/0xcf4 [<5b1c3d2a>] of_syscon_register+0x164/0x2c4 [<596a5d80>] syscon_node_to_regmap+0x64/0x90 [<49bd597b>] imx6ul_init_machine+0x34/0xa0 [<250a4dac>] customize_machine+0x1c/0x30 [<2d19fdaf>] do_one_initcall+0x7c/0x398 [] kernel_init_freeable+0x328/0x448 [<168c9101>] kernel_init+0x8/0x114 [<913268aa>] ret_from_fork+0x14/0x20 [] 0x0 Root cause is that map->debugfs_name is allocated using kasprintf and then the pointer is lost by assigning it other memory address. Reported-by: Stefan Wahren Signed-off-by: Daniel Baluta
---
 drivers/base/regmap/regmap-debugfs.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
index 263f82516ff4..147b83b58602 100644
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -570,6 +570,10 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
 if (map->dev)
 devname = dev_name(map->dev);
 
+ pr_info("debugfs_init1: name %s, debugfs_name %s\n",
+ name ? name : "NULL",
+ debugfs_name ? debugfs_name : "NULL");
+
 if (name) {
 map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
 devname, name);
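Review bot: The bare identifier `debugfs_name` in the first added `pr_info` has no declaration visible in this hunk, while every other added print uses `map->debugfs_name`. Unless a local of that name exists outside the hunk, this will not build, and the line should read `map->debugfs_name ? map->debugfs_name : "NULL");`. Separately, the `pr_info` tracing added here and in the second hunk is not mentioned in the commit message and would write to the kernel log on every call of this function; for a leak fix it would be cleaner to drop it or use `pr_debug`. The body of regmap_debugfs_init starts and ends outside the hunk.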
@@ -578,13 +582,27 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
 name = devname;
 }
 
+ pr_info("debugfs_init1: name %s, debugfs_name %s\n",
+ name ? name : "NULL",
+ map->debugfs_name ? map->debugfs_name : "NULL");
+
 if (!strcmp(name, "dummy")) {
+
+ pr_info("debugfs_init2: Freeing debufs_name %s\n",
+ map->debugfs_name ? map->debugfs_name : "NULL");
+
+ kfree(map->debugfs_name);
+
 map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
 dummy_index);
 name = map->debugfs_name;
 dummy_index++;
 }
 
+ pr_info("debugfs_init2: name %s, debugfs_name %s\n",
+ name ? name : "NULL",
+ map->debugfs_name ? map->debugfs_name : "NULL");
+
 map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
 if (!map->debugfs) {
 dev_warn(map->dev,
-- 
2.17.1
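Review bot: The added `kfree(map->debugfs_name);` releases the previous string only on the `"dummy"` path. The `kasprintf` in the `if (name)` branch (context at the end of the first hunk) still overwrites `map->debugfs_name` without freeing what it held. The leaked object in the commit message has the `%s-%s` shape, so it was allocated in that branch; if the function can run more than once for a map, that assignment likely needs the same `kfree(map->debugfs_name);` in front of it, or a guard such as `if (!map->debugfs_name)`. In the `"dummy"` branch the `kasprintf` result is also unchecked, so `name` can be NULL when it reaches `debugfs_create_dir()`; the added prints test for NULL but the call after them does not. The function continues past the end of the hunk, so any later handling is not visible here.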