On Tue, Sep 29, 2020 at 08:33:34AM +0000, Charles Keepax wrote:
On Mon, Sep 28, 2020 at 09:30:11PM -0400, Sasha Levin wrote:
From: Charles Keepax <ckeepax@xxxxxxxxxxxxxxxxxxxxx>
[ Upstream commit 94cc89eb8fa5039fcb6e3e3d50f929ddcccee095 ]
In regmap_debugfs_init the initialisation of the debugfs is delayed
if the root node isn't ready yet. Most callers of regmap_debugfs_init
pass the name from the regmap_config, which is considered temporary
ie. may be unallocated after the regmap_init call returns. This leads
to a potential use after free, where config->name has been freed by
the time it is used in regmap_debugfs_initcall.
Afraid this patch had some issues if you are back porting it you
definitely need to take these two patches as well:
commit 1d512ee861b80da63cbc501b973c53131aa22f29
regmap: debugfs: Fix more error path regressions
Looks like 1d512ee861b is queued for the merge window even though it's a
bugfix for this release?
I'm going to drop this patch.
--
Thanks,
Sasha