diff options
author | Sergey Senozhatsky <senozhatsky@chromium.org> | 2022-08-16 07:09:06 +0200 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2022-08-28 23:02:44 +0200 |
commit | a5d2172180e8f94a8cfc7a7fa0243035629bf8d0 (patch) | |
tree | f928252b9aafe2a463ad3aa31457b297ba7fc0fc | |
parent | binder_alloc: add missing mmap_lock calls when using the VMA (diff) | |
download | linux-a5d2172180e8f94a8cfc7a7fa0243035629bf8d0.tar.xz linux-a5d2172180e8f94a8cfc7a7fa0243035629bf8d0.zip |
mm/zsmalloc: do not attempt to free IS_ERR handle
zsmalloc() now returns ERR_PTR values as handles, which zram accidentally
can pass to zs_free(). Another bad scenario is when zcomp_compress()
fails - handle has default -ENOMEM value, and zs_free() will try to free
that "pointer value".
Add the missing check and make sure that zs_free() bails out when
ERR_PTR() is passed to it.
Link: https://lkml.kernel.org/r/20220816050906.2583956-1-senozhatsky@chromium.org
Fixes: c7e6f17b52e9 ("zsmalloc: zs_malloc: return ERR_PTR on failure")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Nitin Gupta <ngupta@vflare.org>,
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-rw-r--r-- | mm/zsmalloc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c index 34f784a1604b..907c9b1e1e61 100644 --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -1487,7 +1487,7 @@ void zs_free(struct zs_pool *pool, unsigned long handle) struct size_class *class; enum fullness_group fullness; - if (unlikely(!handle)) + if (IS_ERR_OR_NULL((void *)handle)) return; /* |