From: Tang Yizhou <tangyizhou@huawei.com> ascend inclusion category: bugfix bugzilla: 46925 CVE: NA ------------------------------------------------- __sp_area_drop_locked() checks null pointer of spa, so remove null pointer checks before calling __sp_area_drop_locked(). Reported-by: Cui Bixuan <cuibixuan@huawei.com> Signed-off-by: Tang Yizhou <tangyizhou@huawei.com> Reviewed-by: Ding Tianhong <dingtianhong@huawei.com> Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- mm/share_pool.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/mm/share_pool.c b/mm/share_pool.c index 4316625defac..2cfac4642e0b 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -443,8 +443,7 @@ static void sp_munmap_task_areas(struct mm_struct *mm, struct list_head *stop) if (&spa->link == stop) break; - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); prev = spa; atomic_inc(&spa->use_count); @@ -459,8 +458,7 @@ static void sp_munmap_task_areas(struct mm_struct *mm, struct list_head *stop) spin_lock(&sp_area_lock); } - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); spin_unlock(&sp_area_lock); } @@ -607,8 +605,7 @@ int sp_group_add_task(int pid, int spg_id) struct file *file = spa_file(spa); unsigned long addr; - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); prev = spa; atomic_inc(&spa->use_count); @@ -651,8 +648,7 @@ int sp_group_add_task(int pid, int spg_id) spin_lock(&sp_area_lock); } - if (prev) - __sp_area_drop_locked(prev); + __sp_area_drop_locked(prev); spin_unlock(&sp_area_lock); if (unlikely(ret)) { -- 2.25.1