From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753862AbdLMTm5 (ORCPT ); Wed, 13 Dec 2017 14:42:57 -0500 Received: from heliosphere.sirena.org.uk ([172.104.155.198]:47896 "EHLO heliosphere.sirena.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753324AbdLMTmw (ORCPT ); Wed, 13 Dec 2017 14:42:52 -0500 From: Mark Brown To: Bartosz Golaszewski Cc: Mark Brown , linux-kernel@vger.kernel.org Subject: Applied "regmap: potentially duplicate the name string stored in regmap" to the regmap tree In-Reply-To: Message-Id: Date: Wed, 13 Dec 2017 19:42:50 +0000 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The patch regmap: potentially duplicate the name string stored in regmap has been applied to the regmap tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >>From 8253bb3f82554cedb830a4cb65c84796df129c81 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski Date: Wed, 13 Dec 2017 17:25:31 +0100 Subject: [PATCH] regmap: potentially duplicate the name string stored in regmap Currently we just copy over the pointer passed to regmap_init() in the regmap config struct. To be on the safe side: duplicate the string with kstrdup_const() so that if an unaware user passes an address to a stack-allocated buffer, we won't crash. Signed-off-by: Bartosz Golaszewski Signed-off-by: Mark Brown --- drivers/base/regmap/regmap.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c index 496da7bc5e77..84b5784e171b 100644 --- a/drivers/base/regmap/regmap.c +++ b/drivers/base/regmap/regmap.c @@ -672,6 +672,14 @@ struct regmap *__regmap_init(struct device *dev, goto err; } + if (config->name) { + map->name = kstrdup_const(config->name, GFP_KERNEL); + if (!map->name) { + ret = -ENOMEM; + goto err_map; + } + } + if (config->disable_locking) { map->lock = map->unlock = regmap_lock_unlock_none; regmap_debugfs_disable(map); @@ -683,7 +691,7 @@ struct regmap *__regmap_init(struct device *dev, map->hwlock = hwspin_lock_request_specific(config->hwlock_id); if (!map->hwlock) { ret = -ENXIO; - goto err_map; + goto err_name; } switch (config->hwlock_mode) { @@ -763,7 +771,6 @@ struct regmap *__regmap_init(struct device *dev, map->volatile_reg = config->volatile_reg; map->precious_reg = config->precious_reg; map->cache_type = config->cache_type; - map->name = config->name; spin_lock_init(&map->async_lock); INIT_LIST_HEAD(&map->async_list); @@ -1119,6 +1126,8 @@ struct regmap *__regmap_init(struct device *dev, err_hwlock: if (map->hwlock) hwspin_lock_free(map->hwlock); +err_name: + kfree_const(map->name); err_map: kfree(map); err: @@ -1308,6 +1317,7 @@ void regmap_exit(struct regmap *map) } if (map->hwlock) hwspin_lock_free(map->hwlock); + kfree_const(map->name); kfree(map); } EXPORT_SYMBOL_GPL(regmap_exit); -- 2.15.1