From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Mark Brown <broonie@kernel.org>,
Russell King <rmk+kernel@armlinux.org.uk>,
Sasha Levin <sashal@kernel.org>,
linux-kernel@vger.kernel.org
Subject: [PATCH AUTOSEL 6.16] regmap: irq: Free the regmap-irq mutex
Date: Sun, 10 Aug 2025 12:51:53 -0400 [thread overview]
Message-ID: <20250810165158.1888206-11-sashal@kernel.org> (raw)
In-Reply-To: <20250810165158.1888206-1-sashal@kernel.org>
From: Mark Brown <broonie@kernel.org>
[ Upstream commit 1da33858af6250184d2ef907494d698af03283de ]
We do not currently free the mutex allocated by regmap-irq, do so.
Tested-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://patch.msgid.link/20250731-regmap-irq-nesting-v1-1-98b4d1bf20f0@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
**Backport Status: YES**
This commit fixes a resource leak bug where a mutex allocated with
`mutex_init()` in `regmap_add_irq_chip_fwnode()` was never properly
freed with `mutex_destroy()`. This is a clear memory/resource leak that
has existed since the mutex was first introduced in 2011 (commit
f8beab2bb611).
**Key reasons for backporting:**
1. **Clear bug fix**: The commit fixes a resource leak where
`mutex_init(&d->lock)` at line 804 allocates mutex resources but they
were never freed. The fix adds corresponding
`mutex_destroy(&d->lock)` calls in both error paths and the cleanup
function.
2. **Long-standing issue**: This bug has existed since 2011 when the
mutex was first introduced, affecting all stable kernels that include
the regmap-irq subsystem.
3. **Small and contained change**: The patch only adds two
`mutex_destroy()` calls:
- One in the error path (`err_mutex:` label) at line 935
- One in `regmap_del_irq_chip()` at line 1031
4. **No behavioral changes**: The fix only ensures proper cleanup; it
doesn't change any functional behavior or introduce new features.
5. **Low regression risk**: Adding `mutex_destroy()` calls is a standard
cleanup operation that carries minimal risk. The patch also properly
adjusts error handling labels (changing `goto err_alloc` to `goto
err_mutex` after mutex initialization).
6. **Affects widely-used subsystem**: The regmap-irq framework is used
by many drivers across the kernel for interrupt handling, making this
fix broadly beneficial.
The commit follows stable kernel rules perfectly - it's a small, obvious
fix for a real bug with minimal risk of regression. While not a critical
security issue or crash fix, resource leaks are valid stable candidates,
especially in widely-used infrastructure code like regmap.
drivers/base/regmap/regmap-irq.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/base/regmap/regmap-irq.c b/drivers/base/regmap/regmap-irq.c
index d1585f073776..4aac12d38215 100644
--- a/drivers/base/regmap/regmap-irq.c
+++ b/drivers/base/regmap/regmap-irq.c
@@ -816,7 +816,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
d->mask_buf[i],
chip->irq_drv_data);
if (ret)
- goto err_alloc;
+ goto err_mutex;
}
if (chip->mask_base && !chip->handle_mask_sync) {
@@ -827,7 +827,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (ret) {
dev_err(map->dev, "Failed to set masks in 0x%x: %d\n",
reg, ret);
- goto err_alloc;
+ goto err_mutex;
}
}
@@ -838,7 +838,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (ret) {
dev_err(map->dev, "Failed to set masks in 0x%x: %d\n",
reg, ret);
- goto err_alloc;
+ goto err_mutex;
}
}
@@ -855,7 +855,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (ret != 0) {
dev_err(map->dev, "Failed to read IRQ status: %d\n",
ret);
- goto err_alloc;
+ goto err_mutex;
}
}
@@ -879,7 +879,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (ret != 0) {
dev_err(map->dev, "Failed to ack 0x%x: %d\n",
reg, ret);
- goto err_alloc;
+ goto err_mutex;
}
}
}
@@ -901,7 +901,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (ret != 0) {
dev_err(map->dev, "Failed to set masks in 0x%x: %d\n",
reg, ret);
- goto err_alloc;
+ goto err_mutex;
}
}
}
@@ -910,7 +910,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
if (chip->status_is_level) {
ret = read_irq_data(d);
if (ret < 0)
- goto err_alloc;
+ goto err_mutex;
memcpy(d->prev_status_buf, d->status_buf,
array_size(d->chip->num_regs, sizeof(d->prev_status_buf[0])));
@@ -918,7 +918,7 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
ret = regmap_irq_create_domain(fwnode, irq_base, chip, d);
if (ret)
- goto err_alloc;
+ goto err_mutex;
ret = request_threaded_irq(irq, NULL, regmap_irq_thread,
irq_flags | IRQF_ONESHOT,
@@ -935,6 +935,8 @@ int regmap_add_irq_chip_fwnode(struct fwnode_handle *fwnode,
err_domain:
/* Should really dispose of the domain but... */
+err_mutex:
+ mutex_destroy(&d->lock);
err_alloc:
kfree(d->type_buf);
kfree(d->type_buf_def);
@@ -1027,6 +1029,7 @@ void regmap_del_irq_chip(int irq, struct regmap_irq_chip_data *d)
kfree(d->config_buf[i]);
kfree(d->config_buf);
}
+ mutex_destroy(&d->lock);
kfree(d);
}
EXPORT_SYMBOL_GPL(regmap_del_irq_chip);
--
2.39.5
next prev parent reply other threads:[~2025-08-10 16:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-10 16:51 [PATCH AUTOSEL 6.16-5.10] block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.1] ASoC: Intel: avs: Fix uninitialized pointer error in probe() Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Fix stripe mapping in block/scsi layout Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Fix uninited ptr deref " Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] net: phy: smsc: add proper reset flags for LAN8710A Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.15] ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Sasha Levin
2025-08-10 16:51 ` Sasha Levin [this message]
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Fix build with musl Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16] irqchip/mvebu-gicp: Clear pending interrupts on init Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Fix disk addr range check in block/scsi layout Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Handle cap_get_proc() ENOSYS Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Handle RPC size limit for layoutcommits Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250810165158.1888206-11-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=broonie@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox