On Tue, Sep 29, 2020 at 08:33:34AM +0000, Charles Keepax wrote:
On Mon, Sep 28, 2020 at 09:30:11PM -0400, Sasha Levin wrote:
From: Charles Keepax ckeepax@opensource.cirrus.com
[ Upstream commit 94cc89eb8fa5039fcb6e3e3d50f929ddcccee095 ]
In regmap_debugfs_init the initialisation of the debugfs is delayed if the root node isn't ready yet. Most callers of regmap_debugfs_init pass the name from the regmap_config, which is considered temporary ie. may be unallocated after the regmap_init call returns. This leads to a potential use after free, where config->name has been freed by the time it is used in regmap_debugfs_initcall.
Afraid this patch had some issues if you are back porting it you definitely need to take these two patches as well:
commit 1d512ee861b80da63cbc501b973c53131aa22f29 regmap: debugfs: Fix more error path regressions
Looks like 1d512ee861b is queued for the merge window even though it's a bugfix for this release?
I'm going to drop this patch.