[RFC][PATCH 3/5] mm/dmapool: allow NULL `pool' pointer in dma_pool_destroy()

From: Sergey Senozhatsky
Date: Tue Jun 09 2015 - 08:06:21 EST


dma_pool_destroy() does not tolerate a NULL dma_pool pointer
argument and performs a NULL-pointer dereference. This requires
additional attention and effort from developers/reviewers and
forces all dma_pool_destroy() callers to do a NULL check

if (pool)
dma_pool_destroy(pool);

Or, otherwise, be invalid dma_pool_destroy() users.

Tweak dma_pool_destroy() and NULL-check the pointer there.

Proposed by Andrew Morton.

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>
Reported-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
LKML-reference: https://lkml.org/lkml/2015/6/8/583
---
mm/dmapool.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/mm/dmapool.c b/mm/dmapool.c
index fd5fe43..5f2cffc 100644
--- a/mm/dmapool.c
+++ b/mm/dmapool.c
@@ -271,6 +271,9 @@ void dma_pool_destroy(struct dma_pool *pool)
{
bool empty = false;

+ if (unlikely(!pool))
+ return;
+
mutex_lock(&pools_reg_lock);
mutex_lock(&pools_lock);
list_del(&pool->pools);
--
2.4.3.368.g7974889

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/