Re: [PATCH v3] EDAC/sysfs: Fix kobject cleanup after kobject_init_and_add() failure
From: Borislav Petkov
Date: Mon Jun 01 2026 - 16:23:51 EST
On Sat, May 02, 2026 at 04:06:47PM +0800, Guangshuo Li wrote:
> If kobject_init_and_add() fails, the initialized kobject should be
> released with kobject_put(). Otherwise the kobject may leak resources
> associated with it.
>
> Some EDAC sysfs error paths currently drop the parent kobject reference
> directly after kobject_init_and_add() fails. However, the corresponding
> release callbacks of the child kobjects already drop those parent
> references. Call kobject_put() on the initialized child kobject instead,
> so the release callbacks can unwind the references properly.
>
> In edac_device_register_sysfs_main_kobj(), kobject_put() may call
> edac_device_ctrl_master_release(), which drops the module reference and
> frees the edac_device_ctl_info object. The error path then calls
> module_put(edac_dev->owner). This dereferences edac_dev after it may have
> been freed, causing a possible use-after-free, and also drops the module
> reference twice.
>
> Track whether kobject_init_and_add() has actually been called. If it has,
> rely on the kobject release callback to drop the module reference;
> otherwise, drop the module reference directly.
>
> Also handle the EDAC PCI top-level kobject setup carefully: if
> kobject_init_and_add() was called and failed, use kobject_put(); if it
> was never called, free the allocated kobject directly.
>
> These issues were found by a static analysis tool I am developing.
>
> Fixes: 17ed808ad2431 ("EDAC: Fix reference count leaks")
> Fixes: b2ed215a3338 ("Kobject: change drivers/edac to use kobject_init_and_add")
> Signed-off-by: Guangshuo Li <lgs201920130244@xxxxxxxxx>
> ---
> v2:
> - Move kobj_initialized assignment to the kobject_init_and_add() call
> site so it records whether the kobject has actually been initialized.
> v3:
> - Fix similar kobject_init_and_add() error paths under drivers/edac/.
> - Fold in the previous edac_device_create_instance() cleanup fix.
> - Put the initialized child kobject instead of the parent kobject.
> - Avoid calling kobject_put() on edac_pci_top_main_kobj if
> kobject_init_and_add() was not called.
>
>  drivers/edac/edac_device_sysfs.c | 12 ++++++++----
>  drivers/edac/edac_pci_sysfs.c    | 11 +++++++++--
>  2 files changed, 17 insertions(+), 6 deletions(-)
The artificial analysis tool found this:
https://sashiko.dev/#/patchset/20260502080647.522511-1-lgs201920130244%40gmail.com
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
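The ownership rule the quoted description relies on, as a userspace model added here after the thread (it is not kernel code and not the EDAC driver's code; every model_* name and the fail_early/fail_add switches are assumptions of this example): once kobject_init_and_add() has initialized a kobject, the caller must unwind with kobject_put(), and from then on the release callback owns the module reference and the containing struct, so the caller must neither drop that reference again nor touch the container. The "before" path reproduces the double module_put() and the read of edac_dev after its release, the "after" path tracks whether kobject_init_and_add() was actually called, as the patch does.

```c
/*
 * Added userspace model, not kernel or EDAC code. All model_* names are assumptions.
 * The kobject's release callback stands in for edac_device_ctrl_master_release():
 * it drops the module reference and "frees" the container, as the patch describes.
 */
#include <string.h>

struct model_module { int refcount; };

struct model_kobject {
    int refcount;
    void (*release)(struct model_kobject *kobj);
};

/* Container, standing in for struct edac_device_ctl_info (kobj is the first member). */
struct model_ctl_info {
    struct model_kobject kobj;
    struct model_module *owner;
    int freed;   /* diagnostic flag instead of free(), so a use-after-free is countable */
};

struct model_result {
    int err;          /* return value of the register function */
    int module_refs;  /* module refcount afterwards; baseline is 1, so 1 means balanced */
    int uaf;          /* accesses to the container after its release freed it */
};

static int model_uaf_count;

static void model_module_put(struct model_module *m) { m->refcount--; }

static void model_kobject_put(struct model_kobject *k) {
    if (--k->refcount == 0 && k->release)
        k->release(k);
}

/* Release callback: drops the module reference and frees the container. */
static void model_ctrl_master_release(struct model_kobject *k) {
    struct model_ctl_info *ci = (struct model_ctl_info *)k;  /* container_of() */
    model_module_put(ci->owner);
    ci->freed = 1;
}

/* Any field read through this accessor after release counts as a use-after-free. */
static struct model_module *model_owner_of(struct model_ctl_info *ci) {
    if (ci->freed)
        model_uaf_count++;
    return ci->owner;
}

/* Stand-in for kobject_init_and_add(): the kobject is initialized (refcount 1,
 * release installed) before the add step, so a failed add still leaves an
 * initialized kobject that only kobject_put() may unwind. */
static int model_kobject_init_and_add(struct model_kobject *k,
                                      void (*release)(struct model_kobject *), int fail_add) {
    k->refcount = 1;
    k->release = release;
    return fail_add ? -1 : 0;
}

/* Error path as described before the fix: kobject_put() already freed dev and
 * dropped the module reference, then module_put(dev->owner) runs on freed memory. */
static int model_register_before(struct model_ctl_info *dev, struct model_module *mod, int fail_add) {
    dev->owner = mod;
    mod->refcount++;                              /* try_module_get() */
    int err = model_kobject_init_and_add(&dev->kobj, model_ctrl_master_release, fail_add);
    if (err) {
        model_kobject_put(&dev->kobj);            /* release frees dev, drops module ref */
        model_module_put(model_owner_of(dev));    /* read of freed dev, second module_put() */
    }
    return err;
}

/* Error path as described after the fix: remember whether kobject_init_and_add()
 * ran; if so the release callback unwinds, otherwise drop the module ref directly. */
static int model_register_after(struct model_ctl_info *dev, struct model_module *mod,
                                int fail_early, int fail_add) {
    int kobj_initialized = 0;
    int err;

    dev->owner = mod;
    mod->refcount++;                              /* try_module_get() */
    if (fail_early) {                             /* a failure before the kobject exists */
        err = -1;
        goto err_out;
    }
    kobj_initialized = 1;
    err = model_kobject_init_and_add(&dev->kobj, model_ctrl_master_release, fail_add);
    if (err)
        goto err_out;
    return 0;

err_out:
    if (kobj_initialized)
        model_kobject_put(&dev->kobj);            /* release drops module ref and frees dev */
    else
        model_module_put(mod);                    /* no kobject owns the ref yet */
    return err;
}

/* Runs one scenario on a fresh module (baseline refcount 1) and reports the outcome. */
struct model_result model_run(int fixed, int fail_early, int fail_add) {
    struct model_module mod = { .refcount = 1 };
    struct model_ctl_info dev;
    struct model_result r;

    memset(&dev, 0, sizeof(dev));
    model_uaf_count = 0;
    r.err = fixed ? model_register_after(&dev, &mod, fail_early, fail_add)
                  : model_register_before(&dev, &mod, fail_add);
    r.module_refs = mod.refcount;
    r.uaf = model_uaf_count;
    return r;
}
```

With a failing add, the "before" path ends with the module refcount one below baseline and one access to the freed container; the "after" path ends balanced in both the initialized and the never-initialized case, which is exactly the split the kobj_initialized flag in the patch is there to make.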