Re: [PATCH v2 1/2] kernel: param: handle NULL module_kset in lookup_or_create_module_kobject()

public inbox for rust-for-linux@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Shashank Balaji <shashank.mahadasyam@sony.com>
Cc: "Kay Sievers" <kay.sievers@vrfy.org>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	"Danilo Krummrich" <dakr@kernel.org>,
	"Suzuki K Poulose" <suzuki.poulose@arm.com>,
	"Mike Leach" <mike.leach@linaro.org>,
	"James Clark" <james.clark@linaro.org>,
	"Alexander Shishkin" <alexander.shishkin@linux.intel.com>,
	"Maxime Coquelin" <mcoquelin.stm32@gmail.com>,
	"Alexandre Torgue" <alexandre.torgue@foss.st.com>,
	"Miguel Ojeda" <ojeda@kernel.org>,
	"Boqun Feng" <boqun@kernel.org>, "Gary Guo" <gary@garyguo.net>,
	"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
	"Benno Lossin" <lossin@kernel.org>,
	"Andreas Hindborg" <a.hindborg@kernel.org>,
	"Alice Ryhl" <aliceryhl@google.com>,
	"Trevor Gross" <tmgross@umich.edu>,
	"Richard Cochran" <richardcochran@gmail.com>,
	"Jonathan Corbet" <corbet@lwn.net>,
	"Shuah Khan" <skhan@linuxfoundation.org>,
	"Rahul Bukte" <rahul.bukte@sony.com>,
	"Daniel Palmer" <daniel.palmer@sony.com>,
	"Tim Bird" <tim.bird@sony.com>,
	linux-kernel@vger.kernel.org, driver-core@lists.linux.dev,
	coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org,
	rust-for-linux@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v2 1/2] kernel: param: handle NULL module_kset in lookup_or_create_module_kobject()
Date: Tue, 21 Apr 2026 08:27:10 +0200	[thread overview]
Message-ID: <2026042126-majesty-skyline-b76f@gregkh> (raw)
In-Reply-To: <20260421-acpi_mod_name-v2-1-e73f9310dad3@sony.com>

On Tue, Apr 21, 2026 at 03:02:34PM +0900, Shashank Balaji wrote:
> module_kset is initialized in a subsys_initcall. If a built-in driver tries to
> register before subsys_initcall with its struct device_driver's mod_name set,
> then a null module_kset is dereferenced via this call trace:
> 
>      [    0.095865] Call trace:
>      [    0.095999]  _raw_spin_lock+0x4c/0x6c (P)
>      [    0.096150]  kset_find_obj+0x24/0x104
>      [    0.096209]  lookup_or_create_module_kobject+0x2c/0xd8
>      [    0.096274]  module_add_driver+0xd4/0x138
>      [    0.096328]  bus_add_driver+0x16c/0x268
>      [    0.096380]  driver_register+0x68/0x100
>      [    0.096428]  __platform_driver_register+0x24/0x30
>      [    0.096486]  tegra194_cbb_init+0x24/0x30
>      [    0.096540]  do_one_initcall+0xdc/0x250
>      [    0.096608]  do_initcall_level+0x9c/0xd0
>      [    0.096660]  do_initcalls+0x54/0x94
>      [    0.096706]  do_basic_setup+0x20/0x2c
>      [    0.096753]  kernel_init_freeable+0xc8/0x154
>      [    0.096807]  kernel_init+0x20/0x1a0
>      [    0.096851]  ret_from_fork+0x10/0x20
> 
> So, return null in lookup_or_create_module_kobject() if module_kset is null.
> Existing callers handle null already.
> 
> Fixes: f30c53a873d0 ("MODULES: add the module name for built in kernel drivers")

This isn't a bugfix.

> Co-developed-by: Rahul Bukte <rahul.bukte@sony.com>
> Signed-off-by: Rahul Bukte <rahul.bukte@sony.com>
> Signed-off-by: Shashank Balaji <shashank.mahadasyam@sony.com>
> ---
> This bug is triggered by the next patch on arm64 defconfig: tegra194-cbb tries
> to register from a pure_initcall, and with the next patch adding mod_name, this
> null deref is hit.

So this isn't a bug, it's a "don't do that" type of thing :)

> ---
>  kernel/params.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/params.c b/kernel/params.c
> index 74d620bc2521..881c7328c059 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -752,6 +752,9 @@ lookup_or_create_module_kobject(const char *name)
>  	struct kobject *kobj;
>  	int err;
>  
> +	if (!module_kset)
> +		return NULL;

Are you sure that making this change is going to be ok?
mod_sysfs_init() should have been called first as the module has to be
created before it can be looked up.

As you are wanting "built in" drivers to show up here, you are going to
beat the call to param_sysfs_init(), so don't do that.  Make sure that
the drivers are NOT called before then.

thanks,

greg k-h

next prev parent reply	other threads:[~2026-04-21  6:27 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-21  6:02 [PATCH v2 0/2] Enable sysfs module symlink for more built-in drivers Shashank Balaji
2026-04-21  6:02 ` [PATCH v2 1/2] kernel: param: handle NULL module_kset in lookup_or_create_module_kobject() Shashank Balaji
2026-04-21  6:27   ` Greg Kroah-Hartman [this message]
2026-04-21 14:59     ` Shashank Balaji
2026-04-21 15:20       ` Greg Kroah-Hartman
2026-04-21  6:02 ` [PATCH v2 2/2] driver core: platform: set mod_name in driver registration Shashank Balaji
2026-04-21  6:24   ` Greg Kroah-Hartman
2026-04-22  9:49 ` [PATCH v3 0/4] Enable sysfs module symlink for more built-in drivers Shashank Balaji
2026-04-22  9:49   ` [PATCH v3 1/4] kernel: param: initialize module_kset on-demand Shashank Balaji
2026-04-22  9:49   ` [PATCH v3 2/4] coresight: pass THIS_MODULE implicitly through a macro Shashank Balaji
2026-04-22  9:49   ` [PATCH v3 3/4] driver core: platform: set mod_name in driver registration Shashank Balaji
2026-04-22  9:49   ` [PATCH v3 4/4] docs: driver-api: add mod_name argument to __platform_register_drivers() Shashank Balaji
2026-04-22 11:27     ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2026042126-majesty-skyline-b76f@gregkh \
    --to=gregkh@linuxfoundation.org \
    --cc=a.hindborg@kernel.org \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=alexandre.torgue@foss.st.com \
    --cc=aliceryhl@google.com \
    --cc=bjorn3_gh@protonmail.com \
    --cc=boqun@kernel.org \
    --cc=corbet@lwn.net \
    --cc=coresight@lists.linaro.org \
    --cc=dakr@kernel.org \
    --cc=daniel.palmer@sony.com \
    --cc=driver-core@lists.linux.dev \
    --cc=gary@garyguo.net \
    --cc=james.clark@linaro.org \
    --cc=kay.sievers@vrfy.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lossin@kernel.org \
    --cc=mcoquelin.stm32@gmail.com \
    --cc=mike.leach@linaro.org \
    --cc=ojeda@kernel.org \
    --cc=rafael@kernel.org \
    --cc=rahul.bukte@sony.com \
    --cc=richardcochran@gmail.com \
    --cc=rust-for-linux@vger.kernel.org \
    --cc=shashank.mahadasyam@sony.com \
    --cc=skhan@linuxfoundation.org \
    --cc=suzuki.poulose@arm.com \
    --cc=tim.bird@sony.com \
    --cc=tmgross@umich.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox