From: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Subject: zswap: potential NULL dereference on error in init_zswap() The "pool" pointer can be NULL at the end of the init_zswap(). (We would allocate a new pool later in that situation.) So in the error handling then we need to make sure pool is a valid pointer before calling "zswap_pool_destroy(pool);" because that function dereferences the argument. Link: http://lkml.kernel.org/r/20200114050902.og32fkllkod5ycf5@kili.mountain Fixes: 93d4dfa9fbd0 ("mm/zswap.c: add allocation hysteresis if pool limit is hit") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Cc: Vitaly Wool <vitaly.wool@xxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/zswap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/zswap.c~zswap-potential-null-dereference-on-error-in-init_zswap +++ a/mm/zswap.c @@ -1359,7 +1359,8 @@ static int __init init_zswap(void) return 0; fallback_fail: - zswap_pool_destroy(pool); + if (pool) + zswap_pool_destroy(pool); hp_fail: cpuhp_remove_state(CPUHP_MM_ZSWP_MEM_PREPARE); dstmem_fail: _
