From: Wang Wensheng wangwensheng4@huawei.com
ascend inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI CVE: NA
-------------------
The user could give a pid of daemon process when add task to group. That daemon process has no mm_struct so we should check it before use.
Signed-off-by: Wang Wensheng wangwensheng4@huawei.com Reviewed-by: Ding Tianhong dingtianhong@huawei.com Reviewed-by: Tang Yizhou tangyizhou@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Weilong Chen chenweilong@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- mm/share_pool.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mm/share_pool.c b/mm/share_pool.c index f785b6ed41866..eb15ad9a24e31 100644 --- a/mm/share_pool.c +++ b/mm/share_pool.c @@ -549,8 +549,6 @@ int sp_group_add_task(int pid, int spg_id) tsk = find_task_by_vpid(pid); if (!tsk || (tsk->flags & PF_EXITING)) ret = -ESRCH; - else if (tsk->mm->sp_group) /* if it's already in a sp_group */ - ret = -EEXIST; else get_task_struct(tsk);
@@ -560,6 +558,11 @@ int sp_group_add_task(int pid, int spg_id) goto out_unlock; }
+ if (!tsk->mm || tsk->mm->sp_group) { /* if it's already in a sp_group */ + ret = -EEXIST; + goto out_unlock; + } + spg = find_or_alloc_sp_group(spg_id); if (IS_ERR(spg)) { ret = PTR_ERR(spg);