zsmalloc() now returns ERR_PTR values as handles, which zram
accidentally can pass to zs_free(). Another bad scenario
is when zcomp_compress() fails - handle has default -ENOMEM
value, and zs_free() will try to free that "pointer value".
Add the missing check and make sure that zs_free() bails out
when ERR_PTR() is passed to it.
Fixes: c7e6f17b52e9 ("zsmalloc: zs_malloc: return ERR_PTR on failure")
Signed-off-by: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx>
---
mm/zsmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
index 99d93a48cbe0..7b3bffc06078 100644
--- a/mm/zsmalloc.c
+++ b/mm/zsmalloc.c
@@ -1487,7 +1487,7 @@ void zs_free(struct zs_pool *pool, unsigned long handle)
struct size_class *class;
enum fullness_group fullness;
- if (unlikely(!handle))
+ if (IS_ERR_OR_NULL((void *)handle))
return;
/*
--
2.37.1.595.g718a3a8f04-goog
