From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753163AbbIGOLl (ORCPT <rfc822;w@1wt.eu>);
	Mon, 7 Sep 2015 10:11:41 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:40861 "EHLO
	youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751135AbbIGOLf (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 7 Sep 2015 10:11:35 -0400
Date: Mon, 7 Sep 2015 15:11:30 +0100
From: Luis Henriques <luis.henriques@canonical.com>
To: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
        Minchan Kim <minchan@kernel.org>, Nitin Gupta <ngupta@vflare.org>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zram: fix possible use after free in zcomp_create()
Message-ID: <20150907141130.GH10075@ares>
References: <1441622033-8358-1-git-send-email-luis.henriques@canonical.com>
 <20150907111148.GB27956@swordfish>
 <20150907125343.GG10075@ares>
 <20150907133332.GA539@swordfish>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20150907133332.GA539@swordfish>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 07, 2015 at 10:33:32PM +0900, Sergey Senozhatsky wrote:
> On (09/07/15 13:53), Luis Henriques wrote:
> > > On (09/07/15 11:33), Luis Henriques wrote:
> > > > zcomp_create() verifies the success of zcomp_strm_{multi,siggle}_create()
> > > > through comp->stream, which can potentially be pointing to memory that was
> > > > freed if these functions returned an error.
> > > > 
> > > 
> > > good catch.
> > > 
> > > we probably better start checking the zcomp_strm_multi_create()/
> > > zcomp_strm_single_create() status in zcomp_create(); that's much
> > > more obvious and that's why we return it in the first place.
> > > 
> > > what do you think?
> > >
> > 
> > Yep, that's probably a better solution.
> > 
> > Acked-by: Luis Henriques <luis.henriques@canonical.com>
> > 
> 
> Oh, thanks. I don't mind if you will re-submit it; I just did minor
> changes to our fix. Or I can handle it. I'm OK with either way.

Ok, I'll be sending v2 in a minute.

>Btw, did you hit that problem or you reviewed the code?
>

I've found this while looking at the code (I wouldn't really call it a
"code review"... :-))

Cheers,
--
Luís