From nobody Mon Jun 15 20:35:03 2026 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8CE93DA7C7 for ; Mon, 13 Apr 2026 14:18:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776089893; cv=none; b=kkLEQ81hTeWOejcqKWIxeJHKNpWA0wYpvr2mmtxrA7Amu5Mxt4U4diDDaDwxE42Cx1dtYknVwzgkoRD8zbsT4way60KxkiJjkZF90imTZW9EpljTYcVrBCYmiVr2k7yUquII83S19/D4dK7B/0ac9s5W16I3QDKhqCkJ5Sh8dYE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776089893; c=relaxed/simple; bh=52DKUzSfxH+6to29E7Q2NvM2A03f/yaUTaPX88jYODY=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=G92FDhq+kVL3p7Bg+aP3b6FgK0FhZvvoEmdV+zTGCFwixfGWZrMV49E8NPuKKGEcdivlmEcWMGUcaqgRj+QxdCrr+hHrDCSzDodbEnAmCx8UckSVBPs54hBVc5XcYcRo/8cOHrfJA2M6q3aFtFbGyt4XLFyAd88b9/UkzkUYelo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=WWkJp4jQ; arc=none smtp.client-ip=209.85.210.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WWkJp4jQ" Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-82f4a53ae20so377634b3a.3 for ; Mon, 13 Apr 2026 07:18:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776089891; x=1776694691; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=MfCfEoCQ1xm5a/h4AZyKBHqio5jzH+2E+QVtjsmZ74I=; b=WWkJp4jQSPraWUxImI3DQxRZZvH5Ll/waxg5q30om+fk2RR+qVSGqqANLLcPXZ4pCd wmfFPw7qqi1J42IeXz71VlekiEU0h97v02gEqjaB1z3OxlH/GNzITnkzJBM/ocCsaPhf +YN6q7Wpvcqw/ZEITXtD6VCdBB4y8M7i046QYdff5Ewu41hsdGKm3SqkDobWizNLJMTU 6TyT+Cl6U1jZ7Ko9FcIntsTPSTRr8ykVlBTaKanWc2o/sxBBmJjjpKSOj73FNdlUlN0h /GFYCzPLmtLgI46Ywf0S6gmO0/P6eUyw/9qOtbS5VwzB1tGUczdCfIhM4+VdrEL8OqpZ zF2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776089891; x=1776694691; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=MfCfEoCQ1xm5a/h4AZyKBHqio5jzH+2E+QVtjsmZ74I=; b=MCicOEAWo+jL1nnVK7mJ73J+Yx1Bdv+iwIGKb3KQpATPxHsqAVi+hNmktVm7sBwPlg VM5XRkCmWKZi3V9S+lthJAJu7b/Kh7Zl36VIH/vtmOZAieGzw3v5/vS3KBhmVB+/9tRX /+vQtBUEDI2R3mjIaEVoRdNWo6sCc5FpDj/qBo+fMbxPPybjsBsxEAc0WwOliQn2ZBE4 0EgA1v7z0DffvBo17Nsc29cKVaSQ31De79FV0DoxPdtEaZZ/ppwT1BSgPLAsBASIFSMt tIpQf/4NFnU7cL4KMVWC+sNMumQUhtNulJhBkZhRos7o3R9dbD+WoIISatV2qHIbOhsy DQ5A== X-Forwarded-Encrypted: i=1; AFNElJ/kByMw4colJEdQXOrEGpmLeZkVp05D2hrQ7NLCcQZ95QwcHv5gCutoJfQH5O713Y+xhwOIgevlXN1/12s=@vger.kernel.org X-Gm-Message-State: AOJu0YzE/YsAk7h8zmkwWHq7XmCaA49ChKYB+OABk9cJtkxKeE5j7wCe elpaz/n+sqj0jEyx4qzQo5+vhmBRH2pR8X1JHKqSnja7lrDCBgQvUMMD X-Gm-Gg: AeBDietWwAZqDiZwV/s35NJqibU6VZ7oY3wtZyR7XOwFalIrAeBPV3/qdIQMAx4h4Lb D2HWvUoWhReM4uN6m+8cugt2MEFRRSJvQrlK292T4ywDjtkq0xA8T2O+6+QZ2WLJFQQAZ/3mIP2 8MdoNmf3ZAgofaInJayK4Tw6kBK4qBNKNQm4zAZF9Vo0zxlyIHawmkARvB71Qy0+OG6yF6qiBGH s5gT9mwVMffXYbofEaYOfW/IpoPWPg9y89BfOusRuvvAww2BDjs3h13Mczz8W6jGy39LgAGHR/U nyn3mwvru88l9ECugkEX1cNkaRJMTvCFs21oo1a+9udw6l6fTyMjXk0XC/CahFWnjr/hdKA19Oz k6PcSy9fhpapN6m7569ezBOYmLiSvMbtv/7if9MbeVrTsZxP2HfVfbKVx8mRwHnZfy7V0KcQTaL U8xJ8mb/0kRlo1c+kcf7lXvPIjCdE8rMk= X-Received: by 2002:a05:6a00:a116:b0:82c:e0d7:2682 with SMTP id d2e1a72fcca58-82f0c2a72dcmr15538886b3a.25.1776089891310; Mon, 13 Apr 2026 07:18:11 -0700 (PDT) Received: from lgs.. ([2409:893d:1188:142d:6c67:74e8:5200:1f39]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-82f0c377318sm10978531b3a.26.2026.04.13.07.18.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2026 07:18:10 -0700 (PDT) From: Guangshuo Li To: Song Liu , Yu Kuai , Greg Kroah-Hartman , linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Guangshuo Li , stable@vger.kernel.org Subject: [PATCH v2] md: fix kobject reference leak in md_import_device() Date: Mon, 13 Apr 2026 22:17:59 +0800 Message-ID: <20260413141759.2970973-1-lgs201920130244@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" md_import_device() initializes rdev->kobj with kobject_init() before checking the device size and loading the superblock. When one of the later checks fails, the error path still frees rdev directly with kfree(). This bypasses the kobject release path and leaves the kobject reference unbalanced. The issue was identified by a static analysis tool I developed and confirmed by manual review. After kobject_init(), release rdev through kobject_put() instead of kfree(). Fixes: f9cb074bff8e ("Kobject: rename kobject_init_ng() to kobject_init()") Cc: stable@vger.kernel.org Signed-off-by: Guangshuo Li --- v2: - note that the issue was identified by my static analysis tool - and confirmed by manual review drivers/md/md.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 6d73f6e196a9..4ce7512dc834 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -3871,6 +3871,9 @@ static struct md_rdev *md_import_device(dev_t newdev,= int super_format, int supe =20 out_blkdev_put: fput(rdev->bdev_file); + md_rdev_clear(rdev); + kobject_put(&rdev->kobj); + return ERR_PTR(err); out_clear_rdev: md_rdev_clear(rdev); out_free_rdev: --=20 2.43.0