Re: [PATCH AUTOSEL 5.8 14/29] regmap: debugfs: Fix handling of name string for debugfs init delays

From: Sasha Levin
Date: Sun Oct 04 2020 - 08:54:34 EST

Next message: kernel test robot: "[ep_insert()] 9ee1cc5666: WARNING:possible_recursive_locking_detected"
Previous message: Jason Gunthorpe: "Re: [PATCH 2/2] mm/frame-vec: use FOLL_LONGTERM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 29, 2020 at 08:33:34AM +0000, Charles Keepax wrote:

On Mon, Sep 28, 2020 at 09:30:11PM -0400, Sasha Levin wrote:

From: Charles Keepax <ckeepax@xxxxxxxxxxxxxxxxxxxxx>

[ Upstream commit 94cc89eb8fa5039fcb6e3e3d50f929ddcccee095 ]

In regmap_debugfs_init the initialisation of the debugfs is delayed
if the root node isn't ready yet. Most callers of regmap_debugfs_init
pass the name from the regmap_config, which is considered temporary
ie. may be unallocated after the regmap_init call returns. This leads
to a potential use after free, where config->name has been freed by
the time it is used in regmap_debugfs_initcall.

Afraid this patch had some issues if you are back porting it you
definitely need to take these two patches as well:

commit 1d512ee861b80da63cbc501b973c53131aa22f29
regmap: debugfs: Fix more error path regressions

Looks like 1d512ee861b is queued for the merge window even though it's a
bugfix for this release?

I'm going to drop this patch.

--
Thanks,
Sasha

Next message: kernel test robot: "[ep_insert()] 9ee1cc5666: WARNING:possible_recursive_locking_detected"
Previous message: Jason Gunthorpe: "Re: [PATCH 2/2] mm/frame-vec: use FOLL_LONGTERM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]