Patch "kobject: Add sanity check for kset->kobj.ktype in kset_register()" has been added to the 4.14-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 19 Sep 2023 13:58:27 -0400

This is a note to let you know that I've just added the patch titled

    kobject: Add sanity check for kset->kobj.ktype in kset_register()

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kobject-add-sanity-check-for-kset-kobj.ktype-in-kset.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 436a2203628051ead981ded4cda386b4441107de
Author: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
Date:   Sat Aug 5 16:41:13 2023 +0800

    kobject: Add sanity check for kset->kobj.ktype in kset_register()
    
    [ Upstream commit 4d0fe8c52bb3029d83e323c961221156ab98680b ]
    
    When I register a kset in the following way:
            static struct kset my_kset;
            kobject_set_name(&my_kset.kobj, "my_kset");
            ret = kset_register(&my_kset);
    
    A null pointer dereference exception is occurred:
    [ 4453.568337] Unable to handle kernel NULL pointer dereference at \
    virtual address 0000000000000028
    ... ...
    [ 4453.810361] Call trace:
    [ 4453.813062]  kobject_get_ownership+0xc/0x34
    [ 4453.817493]  kobject_add_internal+0x98/0x274
    [ 4453.822005]  kset_register+0x5c/0xb4
    [ 4453.825820]  my_kobj_init+0x44/0x1000 [my_kset]
    ... ...
    
    Because I didn't initialize my_kset.kobj.ktype.
    
    According to the description in Documentation/core-api/kobject.rst:
     - A ktype is the type of object that embeds a kobject.  Every structure
       that embeds a kobject needs a corresponding ktype.
    
    So add sanity check to make sure kset->kobj.ktype is not NULL.
    
    Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230805084114.1298-2-thunder.leizhen@xxxxxxxxxxxxxxx
    Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/lib/kobject.c b/lib/kobject.c
index bbbb067de8ecd..b908655c58123 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -814,6 +814,11 @@ int kset_register(struct kset *k)
 	if (!k)
 		return -EINVAL;
 
+	if (!k->kobj.ktype) {
+		pr_err("must have a ktype to be initialized properly!\n");
+		return -EINVAL;
+	}
+
 	kset_init(k);
 	err = kobject_add_internal(&k->kobj);
 	if (err)






