On Tue, 21 Dec 2021, David Vernet wrote:

> When enabling a klp patch with klp_enable_patch(), klp_init_patch_early()
> is invoked to initialize the kobjects for the patch itself, as well as the
> 'struct klp_object' and 'struct klp_func' objects that comprise it.
> However, there are some error paths in klp_enable_patch() where some
> kobjects may have been initialized with kobject_init(), but an error code
> is still returned due to e.g. a 'struct klp_object' having a NULL funcs
> pointer.
>
> In these paths, the initial reference of the kobject of the 'struct
> klp_patch' may never be released, along with one or more of its objects and
> their functions, as kobject_put() is not invoked on the cleanup path if
> klp_init_patch_early() returns an error code.
>
> For example, if an object entry such as the following were added to the
> sample livepatch module's klp patch, it would cause the vmlinux klp_object,
> and its klp_func which updates 'cmdline_proc_show', to never be released:
>
> static struct klp_object objs[] = {
> 	{
> 		/* name being NULL means vmlinux */
> 		.funcs = funcs,
> 	},
> 	{
> 		/* NULL funcs -- would cause reference leak */
> 		.name = "kvm",
> 	}, { }
> };
>
> Without this change, if CONFIG_DEBUG_KOBJECT is enabled, and the sample klp
> patch is loaded, the kobjects (the patch, the vmlinux 'struct klp_object',
> and its func) are observed as initialized, but never released, in the dmesg
> log output. With the change, these kobject references no longer fail to be
> released as the error case is properly handled before they are initialized.
>
> Signed-off-by: David Vernet <void@xxxxxxxxxxxxx>

Acked-by: Miroslav Benes <mbenes@xxxxxxx>

M
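A user-space model of the two initialization orders discussed in the message, added here as an illustration; it is not part of the patch or of the kernel's livepatch code. The struct layouts, the refcount bookkeeping, and the init_patch_early_* and leaked_refs functions are constructed stand-ins, and the sample patch mirrors the objs[] array quoted above:

```c
#include <stddef.h>
/* User-space stand-ins for the kernel structures (assumption, not kernel code). */
struct kobject    { int refcount; };
struct klp_func   { const char *old_name; struct kobject kobj; };
struct klp_object { const char *name; struct klp_func *funcs; struct kobject kobj; };
struct klp_patch  { struct klp_object *objs; struct kobject kobj; };

static int live_kobjs; /* initialized kobjects whose initial reference is still held */
static void kobject_init(struct kobject *k) { k->refcount = 1; live_kobjs++; }
/* Before the fix: kobjects are initialized while the patch is walked, and a NULL
 * funcs pointer aborts the walk without kobject_put() on what was initialized. */
static int init_patch_early_leaky(struct klp_patch *patch)
{
    kobject_init(&patch->kobj);
    for (struct klp_object *obj = patch->objs; obj->name || obj->funcs; obj++) {
        if (!obj->funcs)
            return -1; /* -EINVAL in the kernel; references taken above leak */
        kobject_init(&obj->kobj);
        for (struct klp_func *f = obj->funcs; f->old_name; f++)
            kobject_init(&f->kobj);
    }
    return 0;
}

/* After the fix: validate every object first, so the error path runs before any
 * kobject exists and there is nothing to release. */
static int init_patch_early_fixed(struct klp_patch *patch)
{
    for (struct klp_object *obj = patch->objs; obj->name || obj->funcs; obj++)
        if (!obj->funcs)
            return -1;
    kobject_init(&patch->kobj);
    for (struct klp_object *obj = patch->objs; obj->name || obj->funcs; obj++) {
        kobject_init(&obj->kobj);
        for (struct klp_func *f = obj->funcs; f->old_name; f++)
            kobject_init(&f->kobj);
    }
    return 0;
}

/* Runs one initializer on the patch layout from the message (vmlinux object with
 * one func, then a "kvm" object with NULL funcs); returns references leaked on error. */
static int leaked_refs(int (*init)(struct klp_patch *))
{
    struct klp_func funcs[] = { { "cmdline_proc_show" }, { NULL } };
    struct klp_object objs[] = { { NULL, funcs }, { "kvm", NULL }, { NULL, NULL } };
    struct klp_patch patch = { objs };
    live_kobjs = 0;
    return init(&patch) != 0 ? live_kobjs : 0; /* on success the patch owns them */
}
```

With the leaky order the patch, the vmlinux object and its func (three references) are initialized before the NULL funcs entry is rejected; with the fixed order the rejection happens before any kobject exists.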