1. Patchew
  2. linux
  3. View series

[PATCH] regmap: fix potential memory leak of regmap_bus

Abdun Nihaal posted 1 patch 3 months, 1 week ago 
drivers/base/regmap/regmap.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] regmap: fix potential memory leak of regmap_bus
Posted by Abdun Nihaal 3 months, 1 week ago 
When __regmap_init() is called from __regmap_init_i2c() and
__regmap_init_spi() (and their devm versions), the bus argument
obtained from regmap_get_i2c_bus() and regmap_get_spi_bus(), may be
allocated using kmemdup() to support quirks. In those cases, the
bus->free_on_exit field is set to true.

However, inside __regmap_init(), buf is not freed on any error path.
This could lead to a memory leak of regmap_bus when __regmap_init()
fails. Fix that by freeing bus on error path when free_on_exit is set.

Fixes: ea030ca68819 ("regmap-i2c: Set regmap max raw r/w from quirks")
Signed-off-by: Abdun Nihaal <abdun.nihaal@gmail.com>
---
This patch is compile tested only. Not tested on real hardware.
Bug was found using our prototype static analysis tool.

 drivers/base/regmap/regmap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
index f2843f814675..1f3f782a04ba 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
@@ -1173,6 +1173,8 @@ struct regmap *__regmap_init(struct device *dev,
 err_map:
 	kfree(map);
 err:
+	if (bus && bus->free_on_exit)
+		kfree(bus);
 	return ERR_PTR(ret);
 }
 EXPORT_SYMBOL_GPL(__regmap_init);
-- 
2.43.0
Re: [PATCH] regmap: fix potential memory leak of regmap_bus
Posted by Mark Brown 3 months, 1 week ago 
On Thu, 26 Jun 2025 22:58:21 +0530, Abdun Nihaal wrote:
> When __regmap_init() is called from __regmap_init_i2c() and
> __regmap_init_spi() (and their devm versions), the bus argument
> obtained from regmap_get_i2c_bus() and regmap_get_spi_bus(), may be
> allocated using kmemdup() to support quirks. In those cases, the
> bus->free_on_exit field is set to true.
> 
> However, inside __regmap_init(), buf is not freed on any error path.
> This could lead to a memory leak of regmap_bus when __regmap_init()
> fails. Fix that by freeing bus on error path when free_on_exit is set.
> 
> [...]

Applied to

   https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap.git for-next

Thanks!

[1/1] regmap: fix potential memory leak of regmap_bus
      commit: c871c199accb39d0f4cb941ad0dccabfc21e9214

All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.

You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.

If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.

Please add any relevant lists and maintainers to the CCs when replying
to this mail.

Thanks,
Mark

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.