Date: Mon, 8 Jun 2015 17:43:06 -0700
From: Andrew Morton
To: Joonsoo Kim
Cc: Sergey Senozhatsky, Minchan Kim, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Sergey Senozhatsky, Christoph Lameter, Pekka Enberg, David Rientjes
Subject: Re: [PATCH] zsmalloc: fix a null pointer dereference in destroy_handle_cache()
Message-Id: <20150608174306.92652579.akpm@linux-foundation.org>

On Tue, 9 Jun 2015 09:38:27 +0900 Joonsoo Kim wrote: > > > ... > > > > > > --- a/mm/zsmalloc.c > > > +++ b/mm/zsmalloc.c 
> > > @@ -285,7 +285,8 @@ static int create_handle_cache(struct zs_pool *pool) > > > > > > static void destroy_handle_cache(struct zs_pool *pool) > > > { > > > - kmem_cache_destroy(pool->handle_cachep); > > > + if (pool->handle_cachep) > > > + kmem_cache_destroy(pool->handle_cachep); > > > } > > > > > > static unsigned long alloc_handle(struct zs_pool *pool) > > > > I'll apply this, but... from a bit of grepping I'm estimating that we > > have approximately 200 instances of > > > > if (foo) > > kmem_cache_destroy(foo); > > > > so obviously kmem_cache_destroy() should be doing the check. > > Hello, Andrew. > > I'm not sure if doing the check in kmem_cache_destroy() is better. Of course it's better - we have *hundreds* of sites doing something which could be done at a single site. Where's the advantage in that? > My quick grep for other pool based allocators(ex. mempool, zpool) also > says that they don't check whether passed pool pointer is NULL or not > in destroy function. Maybe some of those should be converted as well. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
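Review bot: the new `if (pool->handle_cachep)` guard in destroy_handle_cache() carries no comment saying when the cache pointer can legitimately be NULL, so the check reads as redundant and is easy to drop in a later cleanup. A one-line comment naming the path that leaves it unset (assuming it is teardown after create_handle_cache(), the function shown in the hunk header, did not set it) would document the intent. The pointer is also left unchanged after kmem_cache_destroy(), so the guard only covers the never-created case; if this helper can be reached a second time for the same pool, adding `pool->handle_cachep = NULL;` after the destroy would let the same check cover that as well.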