UPSTREAM: zsmalloc: fix a null pointer dereference in destroy_handle_cache() (cherry-pick from commit 02f7b4145da113683ad64c74bf64605e16b71789) If zs_create_pool()->create_handle_cache()->kmem_cache_create() or pool->name allocation fails, zs_create_pool()->destroy_handle_cache() will dereference the NULL pool->handle_cachep. Modify destroy_handle_cache() to avoid this. Bug: 25951511 Change-Id: Ibf77819056b1ccd025a0aa1c9392f7ded11187c7 Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Minchan Kim <minchan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: f750aea06339bd54d0d84e9287343d39b31787a1 [log] [tgz]
author: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Wed Jun 10 11:14:57 2015 -0700
committer: Greg Hackmann <ghackmann@google.com> Wed Dec 09 12:27:11 2015 -0800
tree: ae8704167d52af9bfc4eeac795030182d1c33689
parent: d5a6bfb6b3bca07385250b345ccd00d9fbba1494 [diff]
diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
index 08bd7a3..a8b5e74 100644
--- a/mm/zsmalloc.c
+++ b/mm/zsmalloc.c

@@ -289,7 +289,8 @@
 
 static void destroy_handle_cache(struct zs_pool *pool)
 {
-	kmem_cache_destroy(pool->handle_cachep);
+	if (pool->handle_cachep)
+		kmem_cache_destroy(pool->handle_cachep);
 }
 
 static unsigned long alloc_handle(struct zs_pool *pool)
commit	f750aea06339bd54d0d84e9287343d39b31787a1	[log] [tgz]
author	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>	Wed Jun 10 11:14:57 2015 -0700
committer	Greg Hackmann <ghackmann@google.com>	Wed Dec 09 12:27:11 2015 -0800
tree	ae8704167d52af9bfc4eeac795030182d1c33689
parent	d5a6bfb6b3bca07385250b345ccd00d9fbba1494 [diff]