[PATCH] mm/huge_memory: fix memory leak when kobject_init_and

Linux-mm Archive on lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
@ 2026-06-09 13:12 ranxiaokai627
  2026-06-09 13:19 ` David Hildenbrand (Arm)
  0 siblings, 1 reply; 5+ messages in thread
From: ranxiaokai627 @ 2026-06-09 13:12 UTC (permalink / raw)
  To: david, akpm, ljs, ziy, baolin.wang, liam, npache, ryan.roberts,
	dev.jain, baohua, lance.yang
  Cc: linux-mm, linux-kernel, Ran Xiaokai

From: Ran Xiaokai <ran.xiaokai@zte.com.cn>

As documented in the comments for kobject_init_and_add():

"If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.  This is the
same type of error handling after a call to kobject_add() and kobject
lifetime rules are the same here."

This is because kobject_init_and_add() may have already allocated memory
internally for the kobject name (kobj->name), and leaving the refcount
at 1 prevents its release callback from being triggered.

Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
---
 mm/huge_memory.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 653f2dc03403..601750dbe79f 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
 
 	ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
 				   "hugepages-%lukB", size);
-	if (ret) {
-		kfree(thpsize);
-		goto err;
-	}
-
+	if (ret)
+		goto err_put;
 
 	ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
 	if (ret)
-- 
2.25.1




^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
  2026-06-09 13:12 [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails ranxiaokai627
@ 2026-06-09 13:19 ` David Hildenbrand (Arm)
  2026-06-09 14:04   ` Lance Yang
  0 siblings, 1 reply; 5+ messages in thread
From: David Hildenbrand (Arm) @ 2026-06-09 13:19 UTC (permalink / raw)
  To: ranxiaokai627, akpm, ljs, ziy, baolin.wang, liam, npache,
	ryan.roberts, dev.jain, baohua, lance.yang
  Cc: linux-mm, linux-kernel, Ran Xiaokai

On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> 
> As documented in the comments for kobject_init_and_add():
> 
> "If this function returns an error, kobject_put() must be called to
> properly clean up the memory associated with the object.  This is the
> same type of error handling after a call to kobject_add() and kobject
> lifetime rules are the same here."
> 
> This is because kobject_init_and_add() may have already allocated memory
> internally for the kobject name (kobj->name), and leaving the refcount
> at 1 prevents its release callback from being triggered.
> 
> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> ---
>  mm/huge_memory.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 653f2dc03403..601750dbe79f 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
>  
>  	ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
>  				   "hugepages-%lukB", size);
> -	if (ret) {
> -		kfree(thpsize);
> -		goto err;
> -	}
> -
> +	if (ret)
> +		goto err_put;
>  
>  	ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
>  	if (ret)

This looks a lot like:

https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/

-- 
Cheers,

David


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
  2026-06-09 13:19 ` David Hildenbrand (Arm)
@ 2026-06-09 14:04   ` Lance Yang
  2026-06-09 14:20     ` Lorenzo Stoakes
  2026-06-10  0:28     ` SeongJae Park
  0 siblings, 2 replies; 5+ messages in thread
From: Lance Yang @ 2026-06-09 14:04 UTC (permalink / raw)
  To: ranxiaokai627
  Cc: linux-mm, ziy, ljs, dev.jain, akpm, baolin.wang, baohua,
	David Hildenbrand (Arm), linux-kernel, npache, Ran Xiaokai, liam,
	ryan.roberts



On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> On 6/9/26 15:12, ranxiaokai627@163.com wrote:
>> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
>>
>> As documented in the comments for kobject_init_and_add():
>>
>> "If this function returns an error, kobject_put() must be called to
>> properly clean up the memory associated with the object.  This is the
>> same type of error handling after a call to kobject_add() and kobject
>> lifetime rules are the same here."
>>
>> This is because kobject_init_and_add() may have already allocated memory
>> internally for the kobject name (kobj->name), and leaving the refcount
>> at 1 prevents its release callback from being triggered.
>>
>> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
>> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
>> ---
>>   mm/huge_memory.c | 7 ++-----
>>   1 file changed, 2 insertions(+), 5 deletions(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 653f2dc03403..601750dbe79f 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
>>   
>>   	ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
>>   				   "hugepages-%lukB", size);
>> -	if (ret) {
>> -		kfree(thpsize);
>> -		goto err;
>> -	}
>> -
>> +	if (ret)
>> +		goto err_put;
>>   
>>   	ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
>>   	if (ret)
> 
> This looks a lot like:
> 
> https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/

Right, the same issue :) There is a v2:

https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/

Still pending, though ...


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
  2026-06-09 14:04   ` Lance Yang
@ 2026-06-09 14:20     ` Lorenzo Stoakes
  2026-06-10  0:28     ` SeongJae Park
  1 sibling, 0 replies; 5+ messages in thread
From: Lorenzo Stoakes @ 2026-06-09 14:20 UTC (permalink / raw)
  To: Lance Yang
  Cc: ranxiaokai627, linux-mm, ziy, dev.jain, akpm, baolin.wang, baohua,
	David Hildenbrand (Arm), linux-kernel, npache, Ran Xiaokai, liam,
	ryan.roberts

On Tue, Jun 09, 2026 at 10:04:16PM +0800, Lance Yang wrote:
>
>
> On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> > On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> > > From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> > >
> > > As documented in the comments for kobject_init_and_add():
> > >
> > > "If this function returns an error, kobject_put() must be called to
> > > properly clean up the memory associated with the object.  This is the
> > > same type of error handling after a call to kobject_add() and kobject
> > > lifetime rules are the same here."
> > >
> > > This is because kobject_init_and_add() may have already allocated memory
> > > internally for the kobject name (kobj->name), and leaving the refcount
> > > at 1 prevents its release callback from being triggered.
> > >
> > > Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> > > Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> > > ---
> > >   mm/huge_memory.c | 7 ++-----
> > >   1 file changed, 2 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > > index 653f2dc03403..601750dbe79f 100644
> > > --- a/mm/huge_memory.c
> > > +++ b/mm/huge_memory.c
> > > @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
> > >   	ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
> > >   				   "hugepages-%lukB", size);
> > > -	if (ret) {
> > > -		kfree(thpsize);
> > > -		goto err;
> > > -	}
> > > -
> > > +	if (ret)
> > > +		goto err_put;
> > >   	ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
> > >   	if (ret)
> >
> > This looks a lot like:
> >
> > https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
>
> Right, the same issue :) There is a v2:
>
> https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/
>
> Still pending, though ...

If people could use my actual correct email address it might not have been
pending :) *grumble*


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails
  2026-06-09 14:04   ` Lance Yang
  2026-06-09 14:20     ` Lorenzo Stoakes
@ 2026-06-10  0:28     ` SeongJae Park
  1 sibling, 0 replies; 5+ messages in thread
From: SeongJae Park @ 2026-06-10  0:28 UTC (permalink / raw)
  To: Lance Yang
  Cc: SeongJae Park, ranxiaokai627, linux-mm, ziy, ljs, dev.jain, akpm,
	baolin.wang, baohua, David Hildenbrand (Arm), linux-kernel,
	npache, Ran Xiaokai, liam, ryan.roberts, Guangshuo Li

+ Guangshuo

On Tue, 9 Jun 2026 22:04:16 +0800 Lance Yang <lance.yang@linux.dev> wrote:

> 
> 
> On 2026/6/9 21:19, David Hildenbrand (Arm) wrote:
> > On 6/9/26 15:12, ranxiaokai627@163.com wrote:
> >> From: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> >>
> >> As documented in the comments for kobject_init_and_add():
> >>
> >> "If this function returns an error, kobject_put() must be called to
> >> properly clean up the memory associated with the object.  This is the
> >> same type of error handling after a call to kobject_add() and kobject
> >> lifetime rules are the same here."
> >>
> >> This is because kobject_init_and_add() may have already allocated memory
> >> internally for the kobject name (kobj->name), and leaving the refcount
> >> at 1 prevents its release callback from being triggered.
> >>
> >> Fixes: 3485b88390b0a ("mm: thp: introduce multi-size THP sysfs interface")
> >> Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
> >> ---
> >>   mm/huge_memory.c | 7 ++-----
> >>   1 file changed, 2 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> >> index 653f2dc03403..601750dbe79f 100644
> >> --- a/mm/huge_memory.c
> >> +++ b/mm/huge_memory.c
> >> @@ -790,11 +790,8 @@ static struct thpsize *thpsize_create(int order, struct kobject *parent)
> >>   
> >>   	ret = kobject_init_and_add(&thpsize->kobj, &thpsize_ktype, parent,
> >>   				   "hugepages-%lukB", size);
> >> -	if (ret) {
> >> -		kfree(thpsize);
> >> -		goto err;
> >> -	}
> >> -
> >> +	if (ret)
> >> +		goto err_put;
> >>   
> >>   	ret = sysfs_add_group(&thpsize->kobj, &any_ctrl_attr_grp);
> >>   	if (ret)
> > 
> > This looks a lot like:
> > 
> > https://lore.kernel.org/all/20260411062152.2092967-1-lgs201920130244@gmail.com/
> 
> Right, the same issue :) There is a v2:
> 
> https://lore.kernel.org/linux-mm/20260412175428.2613383-1-lgs201920130244@gmail.com/
> 
> Still pending, though ...

I added the author of the patch (Guangshuo) to the recipients list of this
mail, because they may better to aware of this.


Thanks,
SJ


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-06-10  0:29 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-09 13:12 [PATCH] mm/huge_memory: fix memory leak when kobject_init_and_add() fails ranxiaokai627
2026-06-09 13:19 ` David Hildenbrand (Arm)
2026-06-09 14:04   ` Lance Yang
2026-06-09 14:20     ` Lorenzo Stoakes
2026-06-10  0:28     ` SeongJae Park

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox