[RFC][PATCH 0/5] do not dereference NULL pools in pools' destroy() functions

From: Sergey Senozhatsky
Date: Tue Jun 09 2015 - 08:05:50 EST

Next message: Jarkko Sakkinen: "Re: [tpmdd-devel] [PATCH v2] tpm: introduce struct tpm_buf"
Previous message: Peter Zijlstra: "Re: [PATCH 2/2] locking/qrwlock: Don't contend with readers when setting _QW_WAITING"
Next in thread: Sergey Senozhatsky: "[RFC][PATCH 1/5] mm/slab_common: allow NULL cache pointer in kmem_cache_destroy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

RFC

Proposed by Andrew Morton: https://lkml.org/lkml/2015/6/8/583

The existing pools' destroy() functions do not allow NULL pool pointers;
instead, every destructor() caller forced to check if pool is not NULL,
which:
a) requires additional attention from developers/reviewers
b) may lead to a NULL pointer dereferences if (a) didn't work

First 3 patches tweak
- kmem_cache_destroy()
- mempool_destroy()
- dma_pool_destroy()

to handle NULL pointers.
Basically, this patch set will:

1) Can prevent us from still undiscovered NULL pointer dereferences.
(like the one that was addressed in https://lkml.org/lkml/2015/6/5/262)

2) Make a cleanup possible. Things like:
[..]
if (xhci->segment_pool)
dma_pool_destroy(xhci->segment_pool);
..
if (xhci->device_pool)
dma_pool_destroy(xhci->device_pool);
..
if (xhci->small_streams_pool)
dma_pool_destroy(xhci->small_streams_pool);
..
if (xhci->medium_streams_pool)
dma_pool_destroy(xhci->medium_streams_pool);
[..]

or

[..]
fail_dma_pool:
if (IS_QLA82XX(ha) || ql2xenabledif) {
dma_pool_destroy(ha->fcp_cmnd_dma_pool);
ha->fcp_cmnd_dma_pool = NULL;
}
fail_dl_dma_pool:
if (IS_QLA82XX(ha) || ql2xenabledif) {
dma_pool_destroy(ha->dl_dma_pool);
ha->dl_dma_pool = NULL;
}
fail_s_dma_pool:
dma_pool_destroy(ha->s_dma_pool);
ha->s_dma_pool = NULL;
[..]

may now be simplified.

0004 and 0005 are not so necessary, simply because there are not
so many users of these two (added for pool's destroy() functions consistency):
-- zpool_destroy_pool()
-- zs_destroy_pool()

So, 0004 and 0005 can be dropped.

- zbud does kfree() in zbud_destroy_pool(), so I didn't touch it.

Sergey Senozhatsky (5):
mm/slab_common: allow NULL cache pointer in kmem_cache_destroy()
mm/mempool: allow NULL `pool' pointer in mempool_destroy()
mm/dmapool: allow NULL `pool' pointer in dma_pool_destroy()
mm/zpool: allow NULL `zpool' pointer in zpool_destroy_pool()
mm/zsmalloc: allow NULL `pool' pointer in zs_destroy_pool()

mm/dmapool.c | 3 +++
mm/mempool.c | 3 +++
mm/slab_common.c | 3 +++
mm/zpool.c | 3 +++
mm/zsmalloc.c | 3 +++
5 files changed, 15 insertions(+)

--
2.4.3.368.g7974889

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jarkko Sakkinen: "Re: [tpmdd-devel] [PATCH v2] tpm: introduce struct tpm_buf"
Previous message: Peter Zijlstra: "Re: [PATCH 2/2] locking/qrwlock: Don't contend with readers when setting _QW_WAITING"
Next in thread: Sergey Senozhatsky: "[RFC][PATCH 1/5] mm/slab_common: allow NULL cache pointer in kmem_cache_destroy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]