Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753666AbbFIAkM (ORCPT <rfc822;w@1wt.eu>);
	Mon, 8 Jun 2015 20:40:12 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:60213 "EHLO
	mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753178AbbFIAkH (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 8 Jun 2015 20:40:07 -0400
Date: Mon, 8 Jun 2015 17:43:06 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
        Minchan Kim <minchan@kernel.org>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org,
        Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
        Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>
Subject: Re: [PATCH] zsmalloc: fix a null pointer dereference in
 destroy_handle_cache()
Message-Id: <20150608174306.92652579.akpm@linux-foundation.org>
In-Reply-To: <20150609003827.GD9687@js1304-P5Q-DELUXE>
References: <1433502690-2524-1-git-send-email-sergey.senozhatsky@gmail.com>
	<20150608135532.ac913746b6394217e92a229a@linux-foundation.org>
	<20150609003827.GD9687@js1304-P5Q-DELUXE>
X-Mailer: Sylpheed 2.7.1 (GTK+ 2.18.9; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1452
Lines: 42

On Tue, 9 Jun 2015 09:38:27 +0900 Joonsoo Kim <iamjoonsoo.kim@lge.com> wrote:

> > > ...
> > >
> > > --- a/mm/zsmalloc.c
> > > +++ b/mm/zsmalloc.c
> > > @@ -285,7 +285,8 @@ static int create_handle_cache(struct zs_pool *pool)
> > >  
> > >  static void destroy_handle_cache(struct zs_pool *pool)
> > >  {
> > > -	kmem_cache_destroy(pool->handle_cachep);
> > > +	if (pool->handle_cachep)
> > > +		kmem_cache_destroy(pool->handle_cachep);
> > >  }
> > >  
> > >  static unsigned long alloc_handle(struct zs_pool *pool)
> > 
> > I'll apply this, but...  from a bit of grepping I'm estimating that we
> > have approximately 200 instances of
> > 
> > 	if (foo)
> > 		kmem_cache_destroy(foo);
> > 
> > so obviously kmem_cache_destroy() should be doing the check.
> 
> Hello, Andrew.
> 
> I'm not sure if doing the check in kmem_cache_destroy() is better.

Of course it's better - we have *hundreds* of sites doing something
which could be done at a single site.  Where's the advantage in that?

> My quick grep for other pool based allocators(ex. mempool, zpool) also
> says that they don't check whether passed pool pointer is NULL or not
> in destroy function.

Maybe some of those should be converted as well.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/