From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: akpm@linux-foundation.org
Cc: sergey.senozhatsky@gmail.com, minchan@kernel.org,
mm-commits@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: + zsmalloc-fix-a-null-pointer-dereference-in-destroy_handle_cache.patch added to -mm tree
Date: Tue, 9 Jun 2015 11:17:06 +0900 [thread overview]
Message-ID: <20150609021706.GA3297@swordfish> (raw)
In-Reply-To: <5576014e.XTPbNvTv2bJIJ1Z3%akpm@linux-foundation.org>
On (06/08/15 13:55), akpm@linux-foundation.org wrote:
> ------------------------------------------------------
> From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
> Subject: zsmalloc: fix a null pointer dereference in destroy_handle_cache()
>
> If zs_create_pool()->create_handle_cache()->kmem_cache_create() fails,
> zs_create_pool()->destroy_handle_cache() will dereference the NULL
> pool->handle_cachep.
>
> Modify destroy_handle_cache() to avoid this.
>
Thank you, that's a nicer commit message.
A minor correction, zs_create_pool() can cause NULL pool->handle_cachep
from two places:
-- failed `zs_create_pool()-> pool->name = kstrdup(...)'
-- failed `zs_create_pool()->create_handle_cache()->kmem_cache_create()'
How about the following version:
---
If zs_create_pool()->create_handle_cache()->kmem_cache_create() or
pool->name allocation fails, zs_create_pool()->destroy_handle_cache()
will dereference the NULL pool->handle_cachep.
Modify destroy_handle_cache() to avoid this.
---
-ss
> Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
> Cc: Minchan Kim <minchan@kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
>
> mm/zsmalloc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff -puN mm/zsmalloc.c~zsmalloc-fix-a-null-pointer-dereference-in-destroy_handle_cache mm/zsmalloc.c
> --- a/mm/zsmalloc.c~zsmalloc-fix-a-null-pointer-dereference-in-destroy_handle_cache
> +++ a/mm/zsmalloc.c
> @@ -289,7 +289,8 @@ static int create_handle_cache(struct zs
>
> static void destroy_handle_cache(struct zs_pool *pool)
> {
> - kmem_cache_destroy(pool->handle_cachep);
> + if (pool->handle_cachep)
> + kmem_cache_destroy(pool->handle_cachep);
> }
>
> static unsigned long alloc_handle(struct zs_pool *pool)
> _
>
> Patches currently in -mm which might be from sergey.senozhatsky@gmail.com are
>
> zram-clear-disk-io-accounting-when-reset-zram-device.patch
> zsmalloc-fix-a-null-pointer-dereference-in-destroy_handle_cache.patch
> zram-add-compact-sysfs-entry-to-documentation.patch
> zram-cosmetic-zram_attr_ro-code-formatting-tweak.patch
> zram-use-idr-instead-of-zram_devices-array.patch
> zram-reorganize-code-layout.patch
> zram-remove-max_num_devices-limitation.patch
> zram-report-every-added-and-removed-device.patch
> zram-trivial-correct-flag-operations-comment.patch
> zram-return-zram-device_id-from-zram_add.patch
> zram-close-race-by-open-overriding.patch
> zram-add-dynamic-device-add-remove-functionality.patch
> zram-cosmetic-zram_bvec_write-cleanup.patch
> zram-cut-trailing-newline-in-algorithm-name.patch
> zram-check-comp-algorithm-availability-earlier.patch
> zram-check-comp-algorithm-availability-earlier-v2.patch
> linux-next.patch
>
> --
> To unsubscribe from this list: send the line "unsubscribe mm-commits" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
prev parent reply other threads:[~2015-06-09 2:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-08 20:55 + zsmalloc-fix-a-null-pointer-dereference-in-destroy_handle_cache.patch added to -mm tree akpm
2015-06-09 2:17 ` Sergey Senozhatsky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150609021706.GA3297@swordfish \
--to=sergey.senozhatsky.work@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan@kernel.org \
--cc=mm-commits@vger.kernel.org \
--cc=sergey.senozhatsky@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.