From: Gui-Dong Han Date: Wed, 18 Mar 2026 02:48:15 +0000 (+0800) Subject: interconnect: debugfs: fix devm_kstrdup and kfree mismatch X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=028f3d0168f83be903f34a8b52cd6254d9695a57;p=thirdparty%2Flinux.git interconnect: debugfs: fix devm_kstrdup and kfree mismatch debugfs_write_file_str() uses standard kfree() to release old strings. Initializing src_node and dst_node with devm_kstrdup() creates a memory management mismatch. If a user writes to these debugfs nodes, the devm-allocated memory is freed via kfree(), leaving a dangling pointer in the device resource list that can lead to a double free. Fix this by using standard kstrdup() instead. Since the interconnect subsystem is strictly built-in and cannot be unloaded as a module, there is no exit path requiring manual cleanup of these strings. The error handling path is also simplified by taking advantage of the fact that kfree(NULL) is a safe no-op. Fixes: 8cc27f5c6dd1 ("interconnect: debugfs: initialize src_node and dst_node to empty strings") Signed-off-by: Gui-Dong Han Reviewed-by: Kuan-Wei Chiu Link: https://msgid.link/20260318024815.7655-1-hanguidong02@gmail.com Signed-off-by: Georgi Djakov --- diff --git a/drivers/interconnect/debugfs-client.c b/drivers/interconnect/debugfs-client.c index 5107bff53173..08df9188ef94 100644 --- a/drivers/interconnect/debugfs-client.c +++ b/drivers/interconnect/debugfs-client.c @@ -150,10 +150,13 @@ int icc_debugfs_client_init(struct dentry *icc_dir) return ret; } - src_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL); - dst_node = devm_kstrdup(&pdev->dev, "", GFP_KERNEL); - if (!src_node || !dst_node) + src_node = kstrdup("", GFP_KERNEL); + dst_node = kstrdup("", GFP_KERNEL); + if (!src_node || !dst_node) { + kfree(dst_node); + kfree(src_node); return -ENOMEM; + } client_dir = debugfs_create_dir("test_client", icc_dir);