* [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
@ 2026-06-09 13:12 ranxiaokai627
2026-06-09 13:19 ` David Hildenbrand (Arm)
0 siblings, 1 reply; 5+ messages in thread
From: ranxiaokai627 @ 2026-06-09 13:12 UTC (permalink / raw)
To: david, akpm, ljs, ziy, baolin.wang, liam, npache, ryan.roberts,
dev.jain, baohua, lance.yang
Cc: linux-mm, linux-kernel, Ran Xiaokai
From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
As documented in the comments for kobject_init_and_add():
"If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object. This is the
same type of error handling after a call to kobject_add() and kobject
lifetime rules are the same here."
This is because kobject_init_and_add() may have already allocated memory
internally for the kobject name (kobj->name), and leaving the refcount
at 1 prevents its release callback from being triggered.
Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
---
mm/huge_memory.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 653f2dc03403..601750dbe79f 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
"hugepages-%lukB", size);
- if (ret) {
- kfree(thpsize);
- goto err;
- }
-
+ if (ret)
+ goto err_put;
ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
if (ret)
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
2026-06-09 13:12 [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails ranxiaokai627
@ 2026-06-09 13:19 ` David Hildenbrand (Arm)
2026-06-09 14:04 ` Lance Yang
0 siblings, 1 reply; 5+ messages in thread
From: David Hildenbrand (Arm) @ 2026-06-09 13:19 UTC (permalink / raw)
To: ranxiaokai627, akpm, ljs, ziy, baolin.wang, liam, npache,
ryan.roberts, dev.jain, baohua, lance.yang
Cc: linux-mm, linux-kernel, Ran Xiaokai
On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
>
> As documented in the comments for kobject_init_and_add():
>
> "If this function returns an error, kobject_put() must be called to
> properly clean up the memory associated with the object. This is the
> same type of error handling after a call to kobject_add() and kobject
> lifetime rules are the same here."
>
> This is because kobject_init_and_add() may have already allocated memory
> internally for the kobject name (kobj->name), and leaving the refcount
> at 1 prevents its release callback from being triggered.
>
> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> ---
> mm/huge_memory.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 653f2dc03403..601750dbe79f 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
>
> ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
> "hugepages-%lukB", size);
> - if (ret) {
> - kfree(thpsize);
> - goto err;
> - }
> -
> + if (ret)
> + goto err_put;
>
> ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
> if (ret)
This looks a lot like:
https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
--
Cheers,
David
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
2026-06-09 13:19 ` David Hildenbrand (Arm)
@ 2026-06-09 14:04 ` Lance Yang
2026-06-09 14:20 ` Lorenzo Stoakes
2026-06-10 0:28 ` SeongJae Park
0 siblings, 2 replies; 5+ messages in thread
From: Lance Yang @ 2026-06-09 14:04 UTC (permalink / raw)
To: ranxiaokai627
Cc: linux-mm, ziy, ljs, dev.jain, akpm, baolin.wang, baohua,
David Hildenbrand (Arm), linux-kernel, npache, Ran Xiaokai, liam,
ryan.roberts
On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> On 6/9/26 15:12, ranxiaokai627@163.com wrote:
>> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
>>
>> As documented in the comments for kobject_init_and_add():
>>
>> "If this function returns an error, kobject_put() must be called to
>> properly clean up the memory associated with the object. This is the
>> same type of error handling after a call to kobject_add() and kobject
>> lifetime rules are the same here."
>>
>> This is because kobject_init_and_add() may have already allocated memory
>> internally for the kobject name (kobj->name), and leaving the refcount
>> at 1 prevents its release callback from being triggered.
>>
>> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
>> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
>> ---
>> mm/huge_memory.c | 7 ++-----
>> 1 file changed, 2 insertions(+), 5 deletions(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 653f2dc03403..601750dbe79f 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
>>
>> ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
>> "hugepages-%lukB", size);
>> - if (ret) {
>> - kfree(thpsize);
>> - goto err;
>> - }
>> -
>> + if (ret)
>> + goto err_put;
>>
>> ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
>> if (ret)
>
> This looks a lot like:
>
> https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
Right, the same issue :) There is a v2:
https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/
Still pending, though ...
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
2026-06-09 14:04 ` Lance Yang
@ 2026-06-09 14:20 ` Lorenzo Stoakes
2026-06-10 0:28 ` SeongJae Park
1 sibling, 0 replies; 5+ messages in thread
From: Lorenzo Stoakes @ 2026-06-09 14:20 UTC (permalink / raw)
To: Lance Yang
Cc: ranxiaokai627, linux-mm, ziy, dev.jain, akpm, baolin.wang, baohua,
David Hildenbrand (Arm), linux-kernel, npache, Ran Xiaokai, liam,
ryan.roberts
On Tue, Jun 09, 2026 at 10:04:16PM +0800, Lance Yang wrote:
>
>
> On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> > On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> > > From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> > >
> > > As documented in the comments for kobject_init_and_add():
> > >
> > > "If this function returns an error, kobject_put() must be called to
> > > properly clean up the memory associated with the object. This is the
> > > same type of error handling after a call to kobject_add() and kobject
> > > lifetime rules are the same here."
> > >
> > > This is because kobject_init_and_add() may have already allocated memory
> > > internally for the kobject name (kobj->name), and leaving the refcount
> > > at 1 prevents its release callback from being triggered.
> > >
> > > Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> > > Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> > > ---
> > > mm/huge_memory.c | 7 ++-----
> > > 1 file changed, 2 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > index 653f2dc03403..601750dbe79f 100644
> > > --- a/mm/huge_memory.c
> > > +++ b/mm/huge_memory.c
> > > @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
> > > ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
> > > "hugepages-%lukB", size);
> > > - if (ret) {
> > > - kfree(thpsize);
> > > - goto err;
> > > - }
> > > -
> > > + if (ret)
> > > + goto err_put;
> > > ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
> > > if (ret)
> >
> > This looks a lot like:
> >
> > https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
>
> Right, the same issue :) There is a v2:
>
> https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/
>
> Still pending, though ...
If people could use my actual correct email address it might not have been
pending :) *grumble*
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
2026-06-09 14:04 ` Lance Yang
2026-06-09 14:20 ` Lorenzo Stoakes
@ 2026-06-10 0:28 ` SeongJae Park
1 sibling, 0 replies; 5+ messages in thread
From: SeongJae Park @ 2026-06-10 0:28 UTC (permalink / raw)
To: Lance Yang
Cc: SeongJae Park, ranxiaokai627, linux-mm, ziy, ljs, dev.jain, akpm,
baolin.wang, baohua, David Hildenbrand (Arm), linux-kernel,
npache, Ran Xiaokai, liam, ryan.roberts, Guangshuo Li
+ Guangshuo
On Tue, 9 Jun 2026 22:04:16 +0800 Lance Yang <lance.yang@linux.dev> wrote:
>
>
> On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> > On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> >> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> >>
> >> As documented in the comments for kobject_init_and_add():
> >>
> >> "If this function returns an error, kobject_put() must be called to
> >> properly clean up the memory associated with the object. This is the
> >> same type of error handling after a call to kobject_add() and kobject
> >> lifetime rules are the same here."
> >>
> >> This is because kobject_init_and_add() may have already allocated memory
> >> internally for the kobject name (kobj->name), and leaving the refcount
> >> at 1 prevents its release callback from being triggered.
> >>
> >> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> >> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> >> ---
> >> mm/huge_memory.c | 7 ++-----
> >> 1 file changed, 2 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> >> index 653f2dc03403..601750dbe79f 100644
> >> --- a/mm/huge_memory.c
> >> +++ b/mm/huge_memory.c
> >> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
> >>
> >> ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
> >> "hugepages-%lukB", size);
> >> - if (ret) {
> >> - kfree(thpsize);
> >> - goto err;
> >> - }
> >> -
> >> + if (ret)
> >> + goto err_put;
> >>
> >> ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
> >> if (ret)
> >
> > This looks a lot like:
> >
> > https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
>
> Right, the same issue :) There is a v2:
>
> https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/
>
> Still pending, though ...
I added the author of the patch (Guangshuo) to the recipients list of this
mail, because they may better to aware of this.
Thanks,
SJ
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-06-10 0:29 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-09 13:12 [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails ranxiaokai627
2026-06-09 13:19 ` David Hildenbrand (Arm)
2026-06-09 14:04 ` Lance Yang
2026-06-09 14:20 ` Lorenzo Stoakes
2026-06-10 0:28 ` SeongJae Park
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.