On Mon, Sep 28, 2020 at 09:30:11PM -0400, Sasha Levin wrote:
> From: Charles Keepax <ckeepax@opensource.cirrus.com>
>
> [ Upstream commit 94cc89eb8fa5039fcb6e3e3d50f929ddcccee095 ]
>
> In regmap_debugfs_init the initialisation of the debugfs is delayed if the root node isn't ready yet. Most callers of regmap_debugfs_init pass the name from the regmap_config, which is considered temporary i.e. may be unallocated after the regmap_init call returns. This leads to a potential use after free, where config->name has been freed by the time it is used in regmap_debugfs_initcall.
Afraid this patch had some issues. If you are backporting it, you definitely need to take these two patches as well:
commit 1d512ee861b80da63cbc501b973c53131aa22f29 regmap: debugfs: Fix more error path regressions
commit d36cb0205f034e943aa29e35b59c6a441f0056b5 regmap: debugfs: Add back in erroneously removed initialisation of ret
Thanks,
Charles
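
The lifetime problem described in the quoted commit message, as an added example that is not part of the original message and is not the kernel's code or the upstream fix: a user-space C model in which deferred work either borrows the caller's name pointer or keeps its own copy. All names (`deferred_node`, `defer_borrowed`, `defer_owned`, `run_scenario`) are hypothetical, and the temporary buffer is overwritten rather than freed so the stale read is observable without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a deferred-init list entry (hypothetical names). */
struct deferred_node {
    const char *name;  /* read later by the delayed initcall */
    char *owned;       /* non-NULL when the node holds its own copy */
};

/* Unsafe: keep the caller's pointer, which may not outlive the call. */
static int defer_borrowed(struct deferred_node *n, const char *name)
{
    n->owned = NULL;
    n->name = name;
    return 0;
}

/* Safe: duplicate the string so the deferred work owns its lifetime. */
static int defer_owned(struct deferred_node *n, const char *name)
{
    size_t len = strlen(name) + 1;
    n->owned = malloc(len);
    if (!n->owned)
        return -1;
    memcpy(n->owned, name, len);
    n->name = n->owned;
    return 0;
}

/* Constructed scenario: returns 1 if the delayed init still sees the name. */
static int run_scenario(int own_copy)
{
    char config_name[16] = "codec-a";  /* temporary, like config->name */
    struct deferred_node n;
    int ok;
    if ((own_copy ? defer_owned : defer_borrowed)(&n, config_name))
        return -1;
    strcpy(config_name, "reused!");    /* caller recycles its storage */
    ok = strcmp(n.name, "codec-a") == 0;  /* what the late initcall reads */
    free(n.owned);
    return ok;
}

int main(void)
{
    printf("borrowed=%d owned=%d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```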