From: Kuan-Wei Chiu <visitorckw@gmail.com>
To: Gui-Dong Han <hanguidong02@gmail.com>
Cc: Georgi Djakov <djakov@kernel.org>,
linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org,
akaieurus@gmail.com, me@ziyao.cc
Subject: Re: [PATCH] interconnect: debugfs: fix devm_kstrdup and kfree mismatch
Date: Wed, 18 Mar 2026 12:26:04 +0800
Message-ID: <abopXJPF-UD7YsV1@google.com>
In-Reply-To: <20260318024815.7655-1-hanguidong02@gmail.com>

On Wed, Mar 18, 2026 at 10:48:15AM +0800, Gui-Dong Han wrote:
> debugfs_write_file_str() uses standard kfree() to release old strings.
> Initializing src_node and dst_node with devm_kstrdup() creates a memory
> management mismatch. If a user writes to these debugfs nodes, the
> devm-allocated memory is freed via kfree(), leaving a dangling pointer
> in the device resource list that can lead to a double free.
>
> Fix this by using standard kstrdup() instead. Since the interconnect
> subsystem is strictly built-in and cannot be unloaded as a module, there
> is no exit path requiring manual cleanup of these strings. The error
> handling path is also simplified by taking advantage of the fact that
> kfree(NULL) is a safe no-op.
>
> Fixes: 8cc27f5c6dd1 ("interconnect: debugfs: initialize src_node and dst_node to empty strings")
> Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com>

LGTM. Thanks for the patch.

Reviewed-by: Kuan-Wei Chiu <visitorckw@gmail.com>

Regards,
Kuan-Wei

> ---
> I noticed this memory management mismatch while working on similar
> debugfs string initialization fixes [1] recently.
>
> [1] https://lore.kernel.org/driver-core/20260317185920.43387-1-hanguidong02@gmail.com/
> ---
> drivers/interconnect/debugfs-client.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/interconnect/debugfs-client.c b/drivers/interconnect/debugfs-client.c
> index 5107bff53173..08df9188ef94 100644
> --- a/drivers/interconnect/debugfs-client.c
> +++ b/drivers/interconnect/debugfs-client.c
> @@ -150,10 +150,13 @@ int icc_debugfs_client_init(struct dentry *icc_dir)
> return ret;
> }
>
> - src_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL);
> - dst_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL);
> - if (!src_node || !dst_node)
> + src_node = kstrdup("", GFP_KERNEL);
> + dst_node = kstrdup("", GFP_KERNEL);
> + if (!src_node || !dst_node) {
> + kfree(dst_node);
> + kfree(src_node);
> return -ENOMEM;
> + }
>
> client_dir = debugfs_create_dir("test_client", icc_dir);
>
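Review bot: the two new kstrdup() calls for src_node and dst_node carry no in-code comment saying why the devm_ variant must not be used, so the constraint lives only in the commit message. A short comment above `src_node = kstrdup("", GFP_KERNEL);` stating that debugfs_write_file_str() releases the old string with kfree(), and that the buffers are intentionally never freed because the subsystem is built-in, would keep a later cleanup from converting these back to devm_kstrdup() and reintroducing the mismatch. Separately, if src_node and dst_node are file-scope variables, the new error path leaves them pointing at freed memory after `kfree(dst_node); kfree(src_node);`; resetting both to NULL before `return -ENOMEM;` would make that path safe against any later use.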
> --
> 2.43.0
>