
From: Wang Wensheng <wangwensheng4@huawei.com>

ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA

-------------------

The user could give the pid of a daemon process when adding a task to a group. That daemon process has no mm_struct, so we should check it before use.

Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

--- mm/share_pool.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mm/share_pool.c b/mm/share_pool.c index f785b6ed41866..eb15ad9a24e31 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -549,8 +549,6 @@ int sp_group_add_task(int pid, int spg_id) tsk = find_task_by_vpid(pid); if (!tsk || (tsk->flags & PF_EXITING)) ret = -ESRCH; - else if (tsk->mm->sp_group) /* if it's already in a sp_group */ - ret = -EEXIST; else get_task_struct(tsk); @@ -560,6 +558,11 @@ int sp_group_add_task(int pid, int spg_id) goto out_unlock; } + if (!tsk->mm || tsk->mm->sp_group) { /* if it's already in a sp_group */ + ret = -EEXIST; + goto out_unlock; + } + spg = find_or_alloc_sp_group(spg_id); if (IS_ERR(spg)) { ret = PTR_ERR(spg); -- 2.25.1
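
Review bot: In the first hunk the else branch still takes get_task_struct(tsk), but the check that used to sit before it now runs later and leaves through goto out_unlock. The visible lines do not show out_unlock dropping that reference, so please confirm put_task_struct(tsk) is reached on the new -EEXIST path, or jump to a label that releases the task. Otherwise each pid rejected by the new check would leave a task_struct reference held.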
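
Review bot: In the second hunk, the `!tsk->mm` case returns -EEXIST under a comment that only describes the already-in-a-group case. A task with no mm is not in a group, so a separate branch with its own errno (for example -ESRCH or -EINVAL) and a comment naming the no-mm daemon case would let callers tell the two apart. The condition also reads tsk->mm twice, and no task_lock() or get_task_mm() is visible around it, so an exiting task could clear mm between the NULL test and the ->sp_group dereference. Taking the mm once with get_task_mm() and testing the returned pointer would close that window.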