From a80d250ae59247585ca996b25ffd10402b9fea44 Mon Sep 17 00:00:00 2001 From: Tang Yizhou Date: Sat, 30 Oct 2021 11:09:57 +0800 Subject: [PATCH] share_pool: Free newly generated id only when necessary ascend inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI CVE: NA ------------------------------------------------- Once sp group is created, the generated id will be freed in sp_group_drop. Before that, we should call free_sp_group_id() when error occurs. Signed-off-by: Tang Yizhou Reviewed-by: Weilong Chen Signed-off-by: Yang Yingliang
---
 mm/share_pool.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/mm/share_pool.c b/mm/share_pool.c
index 6a4da9ac83e1..2d9c0a891621 100644
--- a/mm/share_pool.c
+++ b/mm/share_pool.c
@@ -349,6 +349,12 @@ static void free_sp_group_id(unsigned int spg_id)
 ida_free(&sp_group_id_ida, spg_id);
 }

+static void free_new_spg_id(bool new, int spg_id)
+{
+ if (new)
+ free_sp_group_id(spg_id);
+}
+
 static void free_sp_group(struct sp_group *spg)
 {
 fput(spg->file);
@@ -665,7 +671,8 @@ int sp_group_add_task(int pid, int spg_id)
 rcu_read_unlock();
 if (ret) {
 up_write(&sp_group_sem);
- goto out_free_id;
+ free_new_spg_id(id_newly_generated, spg_id);
+ goto out;
 }

 /*
@@ -682,12 +689,14 @@ int sp_group_add_task(int pid, int spg_id)
 */
 mm = get_task_mm(tsk->group_leader);
 if (!mm) {
- ret = -ESRCH;
 up_write(&sp_group_sem);
+ ret = -ESRCH;
+ free_new_spg_id(id_newly_generated, spg_id);
 goto out_put_task;
 } else if (mm->sp_group) {
- ret = -EEXIST;
 up_write(&sp_group_sem);
+ ret = -EEXIST;
+ free_new_spg_id(id_newly_generated, spg_id);
 goto out_put_mm;
 }

@@ -695,6 +704,7 @@ int sp_group_add_task(int pid, int spg_id)
 if (IS_ERR(spg)) {
 up_write(&sp_group_sem);
 ret = PTR_ERR(spg);
+ free_new_spg_id(id_newly_generated, spg_id);
 goto out_put_mm;
 }

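Review bot: `free_new_spg_id()` carries no comment saying when it may be called, although the commit message makes that the whole point of the change: once the group exists, sp_group_drop releases the id, so a call on a later error path would presumably release the same id twice. A one-line comment above the helper would record the rule, for example `/* Only for error paths taken before the sp_group exists; afterwards sp_group_drop() frees the id. */`. The helper also takes `int spg_id` and forwards it to `free_sp_group_id(unsigned int)`, so the cast that the removed cleanup spelled out is now implicit; keeping `free_sp_group_id((unsigned int)spg_id);` inside the helper would leave the conversion visible.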
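Review bot: The release of a freshly generated id is now written out by hand at four early exits of sp_group_add_task: the `if (ret)` branch in this hunk and the `!mm`, `mm->sp_group` and `IS_ERR(spg)` branches in the next two hunks. An early exit added later has to remember the call or the id leaks. One alternative that keeps a single release site is to retain the old `out_free_id` cleanup and clear the flag where the group takes over the id, e.g. `id_newly_generated = false; /* spg owns spg_id from here */` after the `IS_ERR(spg)` check. That this is the exact hand-over point is inferred from the commit message and is not visible in these hunks; the function starts before this hunk and continues past it.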
@@ -813,9 +823,7 @@ int sp_group_add_task(int pid, int spg_id)
 mmput(mm);
 out_put_task:
 put_task_struct(tsk);
-out_free_id:
- if (unlikely(ret) && id_newly_generated)
- free_sp_group_id((unsigned int)spg_id);
+out:
 return ret == 0 ? spg_id : ret;
 }
 EXPORT_SYMBOL_GPL(sp_group_add_task);
-- GitLab
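Review bot: The new `out:` label unwinds nothing, and since this commit introduces it, its only user is the `goto out;` in the first sp_group_add_task hunk, where `ret` is already known to be non-zero. Kernel coding style prefers a direct return when there is no cleanup, so that branch could end with `return ret;` and the label could be dropped. Separately, with the catch-all release removed here, every failure after the `IS_ERR(spg)` check relies on sp_group_drop to free the id. Those paths lie outside the hunks and are worth confirming before merge.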