From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Date: Wed, 10 Jun 2015 18:14:57 +0000 (-0700)
Subject: zsmalloc: fix a null pointer dereference in destroy_handle_cache()
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=02f7b4145da113683ad64c74bf64605e16b71789;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

zsmalloc: fix a null pointer dereference in destroy_handle_cache()

If zs_create_pool()->create_handle_cache()->kmem_cache_create() or
pool->name allocation fails, zs_create_pool()->destroy_handle_cache()
will dereference the NULL pool->handle_cachep.

Modify destroy_handle_cache() to avoid this.

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
index 08bd7a3d464a..a8b5e749e84e 100644
--- a/mm/zsmalloc.c
+++ b/mm/zsmalloc.c
@@ -289,7 +289,8 @@ static int create_handle_cache(struct zs_pool *pool)
 
 static void destroy_handle_cache(struct zs_pool *pool)
 {
-	kmem_cache_destroy(pool->handle_cachep);
+	if (pool->handle_cachep)
+		kmem_cache_destroy(pool->handle_cachep);
 }
 
 static unsigned long alloc_handle(struct zs_pool *pool)