From cfde7323cbd0d789d2e7c22f3139b3b2baeb6ab8 Mon Sep 17 00:00:00 2001
From: Sergey Senozhatsky
Date: Wed, 10 Jun 2015 11:14:57 -0700
Subject: [PATCH] UPSTREAM: zsmalloc: fix a null pointer dereference in destroy_handle_cache()

(cherry-pick from commit 02f7b4145da113683ad64c74bf64605e16b71789)

If zs_create_pool()->create_handle_cache()->kmem_cache_create() or pool->name allocation fails, zs_create_pool()->destroy_handle_cache() will dereference the NULL pool->handle_cachep. Modify destroy_handle_cache() to avoid this.

Bug: 25951511
Change-Id: Ie4ea82fe34ac02e6e2548e6ed47257366d7b92f5
Signed-off-by: Sergey Senozhatsky
Cc: Minchan Kim
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
 mm/zsmalloc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
index a0ff2da18bee..22217b3205dc 100644
--- a/mm/zsmalloc.c
+++ b/mm/zsmalloc.c
@@ -290,7 +290,8 @@ static int create_handle_cache(struct zs_pool *pool)
 
 static void destroy_handle_cache(struct zs_pool *pool)
 {
- kmem_cache_destroy(pool->handle_cachep);
+ if (pool->handle_cachep)
+ kmem_cache_destroy(pool->handle_cachep);
 }
 
 static unsigned long alloc_handle(struct zs_pool *pool)
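Review bot: The new `if (pool->handle_cachep)` guard in destroy_handle_cache() only helps if the field is reliably NULL on the failure paths named in the commit message, and nothing in the hunk shows how the pool is allocated. That presumably relies on zs_create_pool() zero-allocating the pool, which is worth confirming in this tree when cherry-picking. A one-line comment above the check would record why it exists and keep it from being dropped as redundant, for example `/* NULL when zs_create_pool() fails part-way and unwinds */`. The function also leaves pool->handle_cachep pointing at the destroyed cache; this looks harmless if the pool is freed right afterwards, but `pool->handle_cachep = NULL;` after the destroy call would make a repeated teardown safe.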