From: Sergey Senozhatsky sergey.senozhatsky@gmail.com
mempool_destroy() does not tolerate a NULL mempool_t pointer argument and performs a NULL-pointer dereference. This requires additional attention and effort from developers/reviewers and forces all mempool_destroy() callers to do a NULL check
if (pool) mempool_destroy(pool);
Or, otherwise, be invalid mempool_destroy() users.
Tweak mempool_destroy() and NULL-check the pointer there.
Proposed by Andrew Morton.
Link: https://lkml.org/lkml/2015/6/8/583 Signed-off-by: Sergey Senozhatsky sergey.senozhatsky@gmail.com Acked-by: David Rientjes rientjes@google.com Cc: Julia Lawall julia.lawall@lip6.fr Cc: Joe Perches joe@perches.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org (cherry picked from commit 4e3ca3e033d1eea62fa16c3fdbef4f20427bd0de) Signed-off-by: Alex Shi alex.shi@linaro.org --- mm/mempool.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/mm/mempool.c b/mm/mempool.c index 2cc08de..4c533bc 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -150,6 +150,9 @@ static void *remove_element(mempool_t *pool) */ void mempool_destroy(mempool_t *pool) { + if (unlikely(!pool)) + return; + while (pool->curr_nr) { void *element = remove_element(pool); pool->free(element, pool->pool_data);