[PATCH v2 1/2] kernel: param: handle NULL module_kset in lookup_or_create_module_kobject()

Greg Kroah-Hartman gregkh at linuxfoundation.org
Mon Apr 20 23:27:10 PDT 2026


On Tue, Apr 21, 2026 at 03:02:34PM +0900, Shashank Balaji wrote:
> module_kset is initialized in a subsys_initcall. If a built-in driver tries to
> register before subsys_initcall with its struct device_driver's mod_name set,
> then a null module_kset is dereferenced via this call trace:
> 
>      [    0.095865] Call trace:
>      [    0.095999]  _raw_spin_lock+0x4c/0x6c (P)
>      [    0.096150]  kset_find_obj+0x24/0x104
>      [    0.096209]  lookup_or_create_module_kobject+0x2c/0xd8
>      [    0.096274]  module_add_driver+0xd4/0x138
>      [    0.096328]  bus_add_driver+0x16c/0x268
>      [    0.096380]  driver_register+0x68/0x100
>      [    0.096428]  __platform_driver_register+0x24/0x30
>      [    0.096486]  tegra194_cbb_init+0x24/0x30
>      [    0.096540]  do_one_initcall+0xdc/0x250
>      [    0.096608]  do_initcall_level+0x9c/0xd0
>      [    0.096660]  do_initcalls+0x54/0x94
>      [    0.096706]  do_basic_setup+0x20/0x2c
>      [    0.096753]  kernel_init_freeable+0xc8/0x154
>      [    0.096807]  kernel_init+0x20/0x1a0
>      [    0.096851]  ret_from_fork+0x10/0x20
> 
> So, return null in lookup_or_create_module_kobject() if module_kset is null.
> Existing callers handle null already.
> 
> Fixes: f30c53a873d0 ("MODULES: add the module name for built in kernel drivers")

This isn't a bugfix.

> Co-developed-by: Rahul Bukte <rahul.bukte at sony.com>
> Signed-off-by: Rahul Bukte <rahul.bukte at sony.com>
> Signed-off-by: Shashank Balaji <shashank.mahadasyam at sony.com>
> ---
> This bug is triggered by the next patch on arm64 defconfig: tegra194-cbb tries
> to register from a pure_initcall, and with the next patch adding mod_name, this
> null deref is hit.

So this isn't a bug, it's a "don't do that" type of thing :)

> ---
>  kernel/params.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/params.c b/kernel/params.c
> index 74d620bc2521..881c7328c059 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -752,6 +752,9 @@ lookup_or_create_module_kobject(const char *name)
>  	struct kobject *kobj;
>  	int err;
>  
> +	if (!module_kset)
> +		return NULL;
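
Review bot: the early return added at the top of lookup_or_create_module_kobject() fails silently, so a caller that arrives while module_kset is still NULL gets NULL back with nothing in the boot log to say why. Consider a comment above `if (!module_kset)` noting that module_kset is initialized in a subsys_initcall and can be NULL for earlier callers, and a pr_warn_once() that prints `name`, so the initcall ordering problem stays visible instead of being masked.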

Are you sure that making this change is going to be ok?
mod_sysfs_init() should have been called first as the module has to be
created before it can be looked up.

As you are wanting "built in" drivers to show up here, you are going to
beat the call to param_sysfs_init(), so don't do that.  Make sure that
the drivers are NOT called before then.

thanks,

greg k-h


