mm/dmapool.c: fix null dev in dma_pool_create()

A few drivers invoke dma_pool_create() with a null dev.  Note that dev is
dereferenced in dev_to_node(dev), causing a null pointer dereference.

A long term solution is to disallow null dev.  Once the drivers are fixed,
we can simplify the core code here.  For now we add WARN_ON(!dev) to
notify the driver maintainers and avoid the null pointer dereference.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/dmapool.c b/mm/dmapool.c
index c69781e97cf968076583cc29ef1dbfa53a535c46..668f26316e2e866b6136d80f19b184d8963a44fa 100644 (file)
--- a/mm/dmapool.c
+++ b/mm/dmapool.c
@@ -132,6 +132,7 @@ struct dma_pool *dma_pool_create(const char *name, struct device *dev,
 {
        struct dma_pool *retval;
        size_t allocation;
+       int node;
 
        if (align == 0) {
                align = 1;
@@ -156,7 +157,9 @@ struct dma_pool *dma_pool_create(const char *name, struct device *dev,
                return NULL;
        }
 
-       retval = kmalloc_node(sizeof(*retval), GFP_KERNEL, dev_to_node(dev));
+       node = WARN_ON(!dev) ? -1 : dev_to_node(dev);
+
+       retval = kmalloc_node(sizeof(*retval), GFP_KERNEL, node);
        if (!retval)
                return retval;