The `dummy_index` global variable caused debugfs file name conflicts
during re-entry, leading to creation failures. Use atomic operations
to ensure safe and unique debugfs `dummy%d` naming.

Changes since v1:
- Replaced atomic_read + atomic_inc with atomic_inc_return.
- Added atomic_dec in the error path to maintain index consistency.
- Updated the commit message to clarify the fix.

Signed-off-by: Zxyan Zhu <zxyan20@163.com>
---
 drivers/base/regmap/regmap-debugfs.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
index fb84cda92a75..60c8d9a673b8 100644
--- a/drivers/base/regmap/regmap-debugfs.c
+++ b/drivers/base/regmap/regmap-debugfs.c
@@ -20,7 +20,7 @@ struct regmap_debugfs_node {
 	struct list_head link;
 };
 
-static unsigned int dummy_index;
+static atomic_t dummy_index = ATOMIC_INIT(0);
 static struct dentry *regmap_debugfs_root;
 static LIST_HEAD(regmap_debugfs_early_list);
 static DEFINE_MUTEX(regmap_debugfs_early_lock);
@@ -549,6 +549,7 @@ void regmap_debugfs_init(struct regmap *map)
 	struct regmap_range_node *range_node;
 	const char *devname = "dummy";
 	const char *name = map->name;
+	int index;
 
 	/*
 	 * Userspace can initiate reads from the hardware over debugfs.
@@ -595,12 +596,13 @@ void regmap_debugfs_init(struct regmap *map)
 
 	if (!strcmp(name, "dummy")) {
 		kfree(map->debugfs_name);
-		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
-						dummy_index);
-		if (!map->debugfs_name)
+		index = atomic_inc_return(&dummy_index);
+		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d", index);
+		if (!map->debugfs_name) {
+			atomic_dec(&dummy_index);
 			return;
+		}
 		name = map->debugfs_name;
-		dummy_index++;
 	}
 
 	map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
-- 
2.34.1

On Tue, Mar 04, 2025 at 10:24:52PM +0800, Zxyan Zhu wrote:
> The `dummy_index` global variable caused debugfs file name conflicts
> during re-entry, leading to creation failures. Use atomic operations
> to ensure safe and unique debugfs `dummy%d` naming.
> 
> Changes since v1:
> - Replaced atomic_read + atomic_inc with atomic_inc_return.
> - Added atomic_dec in the error path to maintain index consistency.
> - Updated the commit message to clarify the fix.
> 
> Signed-off-by: Zxyan Zhu <zxyan20@163.com>
> ---
>  drivers/base/regmap/regmap-debugfs.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
> index fb84cda92a75..60c8d9a673b8 100644
> --- a/drivers/base/regmap/regmap-debugfs.c
> +++ b/drivers/base/regmap/regmap-debugfs.c
> @@ -20,7 +20,7 @@ struct regmap_debugfs_node {
>  	struct list_head link;
>  };
>  
> -static unsigned int dummy_index;
> +static atomic_t dummy_index = ATOMIC_INIT(0);
>  static struct dentry *regmap_debugfs_root;
>  static LIST_HEAD(regmap_debugfs_early_list);
>  static DEFINE_MUTEX(regmap_debugfs_early_lock);
> @@ -549,6 +549,7 @@ void regmap_debugfs_init(struct regmap *map)
>  	struct regmap_range_node *range_node;
>  	const char *devname = "dummy";
>  	const char *name = map->name;
> +	int index;
>  
>  	/*
>  	 * Userspace can initiate reads from the hardware over debugfs.
> @@ -595,12 +596,13 @@ void regmap_debugfs_init(struct regmap *map)
>  
>  	if (!strcmp(name, "dummy")) {
>  		kfree(map->debugfs_name);
> -		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
> -						dummy_index);
> -		if (!map->debugfs_name)
> +		index = atomic_inc_return(&dummy_index);
> +		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d", index);
> +		if (!map->debugfs_name) {
> +			atomic_dec(&dummy_index);
>  			return;
> +		}
>  		name = map->debugfs_name;
> -		dummy_index++;

Shouldn't you just use an idr here if there is a race condition?
There's a lock built into it that should solve all of these issues.

thanks,

greg k-h

On Tue, Mar 04, 2025 at 05:23:02PM +0100, Greg KH wrote:
> On Tue, Mar 04, 2025 at 10:24:52PM +0800, Zxyan Zhu wrote:

> >  		name = map->debugfs_name;
> > -		dummy_index++;

> Shouldn't you just use an idr here if there is a race condition?
> There's a lock built into it that should solve all of these issues.

Yes, that's probably the easiest thing.

On Tue, Mar 04, 2025 at 10:24:52PM +0800, Zxyan Zhu wrote:

> Changes since v1:
> - Replaced atomic_read + atomic_inc with atomic_inc_return.
> - Added atomic_dec in the error path to maintain index consistency.
> - Updated the commit message to clarify the fix.
> 
> Signed-off-by: Zxyan Zhu <zxyan20@163.com>
> ---

As covered in submitting-patches.rst the inter-version changelog should
be after the ---.

> -		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d",
> -						dummy_index);
> -		if (!map->debugfs_name)
> +		index = atomic_inc_return(&dummy_index);
> +		map->debugfs_name = kasprintf(GFP_KERNEL, "dummy%d", index);
> +		if (!map->debugfs_name) {
> +			atomic_dec(&dummy_index);

Adding the decrement seems racy, we could increment again between
getting index and kasprintf() failing so might not get back to the
starting point.  It'd be a little messy to skip a number but it doesn't
really matter, and if we're under that much memory pressure probably
nobody's even going to look, so I don't see any reason to decrement.