[PATCH v2 1/2] kernel: param: handle NULL module_kset in lookup_or_create_module_kobject()
Shashank Balaji
shashank.mahadasyam at sony.com
Mon Apr 20 23:02:34 PDT 2026
module_kset is initialized in a subsys_initcall. If a built-in driver tries to
register before subsys_initcall with its struct device_driver's mod_name set,
then a null module_kset is dereferenced via this call trace:
[ 0.095865] Call trace:
[ 0.095999] _raw_spin_lock+0x4c/0x6c (P)
[ 0.096150] kset_find_obj+0x24/0x104
[ 0.096209] lookup_or_create_module_kobject+0x2c/0xd8
[ 0.096274] module_add_driver+0xd4/0x138
[ 0.096328] bus_add_driver+0x16c/0x268
[ 0.096380] driver_register+0x68/0x100
[ 0.096428] __platform_driver_register+0x24/0x30
[ 0.096486] tegra194_cbb_init+0x24/0x30
[ 0.096540] do_one_initcall+0xdc/0x250
[ 0.096608] do_initcall_level+0x9c/0xd0
[ 0.096660] do_initcalls+0x54/0x94
[ 0.096706] do_basic_setup+0x20/0x2c
[ 0.096753] kernel_init_freeable+0xc8/0x154
[ 0.096807] kernel_init+0x20/0x1a0
[ 0.096851] ret_from_fork+0x10/0x20

So, return null in lookup_or_create_module_kobject() if module_kset is null.
Existing callers handle null already.

Fixes: f30c53a873d0 ("MODULES: add the module name for built in kernel drivers")
Co-developed-by: Rahul Bukte <rahul.bukte at sony.com>
Signed-off-by: Rahul Bukte <rahul.bukte at sony.com>
Signed-off-by: Shashank Balaji <shashank.mahadasyam at sony.com>
---
This bug is triggered by the next patch on arm64 defconfig: tegra194-cbb tries
to register from a pure_initcall, and with the next patch adding mod_name, this
null deref is hit.
---
kernel/params.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/params.c b/kernel/params.c
index 74d620bc2521..881c7328c059 100644
--- a/kernel/params.c
+++ b/kernel/params.c
@@ -752,6 +752,9 @@ lookup_or_create_module_kobject(const char *name)
struct kobject *kobj;
int err;
+ if (!module_kset)
+ return NULL;
+
kobj = kset_find_obj(module_kset, name);
if (kobj)
return to_module_kobject(kobj);
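
Review bot: The new `if (!module_kset)` check at the top of lookup_or_create_module_kobject() carries no comment, and nothing in the function says why module_kset could be NULL at this point. The commit message has the reason (module_kset is initialized in a subsys_initcall, and a built-in driver with mod_name set can register earlier, here from a pure_initcall); a short comment above the check would keep that explanation next to the code. The early `return NULL;` is also silent: a driver that registers this early ends up without a module kobject and nothing is logged, and callers only see NULL. Consider a one-time debug or warning message there, or say explicitly in the commit message that the missing module sysfs entry for such early drivers is acceptable.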
--
2.43.0