From nobody Tue Apr 7 12:44:03 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58613C4332F for ; Mon, 17 Oct 2022 12:16:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230383AbiJQMQI (ORCPT ); Mon, 17 Oct 2022 08:16:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230149AbiJQMQE (ORCPT ); Mon, 17 Oct 2022 08:16:04 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0FADB1CB03 for ; Mon, 17 Oct 2022 05:15:33 -0700 (PDT) Received: from dggpemm500023.china.huawei.com (unknown [172.30.72.57]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4MrbVF6JM5zJn2K; Mon, 17 Oct 2022 20:12:53 +0800 (CST) Received: from dggpemm500007.china.huawei.com (7.185.36.183) by dggpemm500023.china.huawei.com (7.185.36.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 17 Oct 2022 20:15:31 +0800 Received: from huawei.com (10.175.103.91) by dggpemm500007.china.huawei.com (7.185.36.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Mon, 17 Oct 2022 20:15:30 +0800 From: Yang Yingliang To: CC: , Subject: [PATCH v2] kobject: fix possible memory leak in kset_create_and_add() Date: Mon, 17 Oct 2022 20:14:46 +0800 Message-ID: <20221017121446.4190650-1-yangyingliang@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.175.103.91] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggpemm500007.china.huawei.com (7.185.36.183) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Inject fault while probing module (e.g. qemu_fw_cfg.ko), kset_register() may fail in kset_create_and_add(), if it fails, but the refcount of kobject is not decreased to 0, the name allocated in kset_create() is leaked. To fix this by calling kset_put(), so that name can be freed in callback function kobject_cleanup() and kset can be freed in kset_release(). unreferenced object 0xffff888103cc8c08 (size 8): comm "modprobe", pid 508, jiffies 4294915182 (age 120.020s) hex dump (first 8 bytes): 62 79 5f 6e 61 6d 65 00 by_name. backtrace: [<00000000572f97f9>] __kmalloc_track_caller+0x1ae/0x320 [<00000000a167a5cc>] kstrdup+0x3a/0x70 [<000000001cd0d05e>] kstrdup_const+0x68/0x80 [<00000000b9101e6d>] kvasprintf_const+0x10b/0x190 [<0000000088f2b8df>] kobject_set_name_vargs+0x56/0x150 [<000000003f8aca68>] kobject_set_name+0xab/0xe0 [<00000000249f7816>] kset_create_and_add+0x72/0x200 Fixes: b727c702896f ("kset: add kset_create_and_add function") Signed-off-by: Yang Yingliang --- v1 -> v2: Update commit message. --- lib/kobject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kobject.c b/lib/kobject.c index a0b2dbfcfa23..f5e943c9027b 100644 --- a/lib/kobject.c +++ b/lib/kobject.c @@ -982,7 +982,7 @@ struct kset *kset_create_and_add(const char *name, return NULL; error =3D kset_register(kset); if (error) { - kfree(kset); + kset_put(kset); return NULL; } return kset; --=20 2.25.1