Skip to content

Commit

Permalink
zsmalloc: fix a null pointer dereference in destroy_handle_cache()
Browse files Browse the repository at this point in the history 
If zs_create_pool()->create_handle_cache()->kmem_cache_create() or
pool->name allocation fails, zs_create_pool()->destroy_handle_cache()
will dereference the NULL pool->handle_cachep.

Modify destroy_handle_cache() to avoid this.

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
Sergey Senozhatsky authored and Linus Torvalds committed Jun 10, 2015
1 parent f371763 commit 02f7b41
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion mm/zsmalloc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,8 @@ static int create_handle_cache(struct zs_pool *pool)

static void destroy_handle_cache(struct zs_pool *pool)
{
kmem_cache_destroy(pool->handle_cachep);
if (pool->handle_cachep)
kmem_cache_destroy(pool->handle_cachep);
}

static unsigned long alloc_handle(struct zs_pool *pool)
Expand Down

0 comments on commit 02f7b41

Please sign in to comment.