From ed147d801c325ea5a36177d1c1eb6a8d48721dff Mon Sep 17 00:00:00 2001
From: Wang Wensheng
Date: Sat, 30 Oct 2021 11:08:57 +0800
Subject: [PATCH] share_pool: Check tsk->mm before use it
ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA
-------------------
The user could give a pid of daemon process when add task to group. That daemon process has no mm_struct so we should check it before use.
Signed-off-by: Wang Wensheng
Reviewed-by: Ding Tianhong
Reviewed-by: Tang Yizhou
Signed-off-by: Yang Yingliang
Reviewed-by: Weilong Chen
Signed-off-by: Yang Yingliang
---
 mm/share_pool.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mm/share_pool.c b/mm/share_pool.c
index f785b6ed4186..eb15ad9a24e3 100644
--- a/mm/share_pool.c
+++ b/mm/share_pool.c
@@ -549,8 +549,6 @@ int sp_group_add_task(int pid, int spg_id)
 tsk = find_task_by_vpid(pid);
 if (!tsk || (tsk->flags & PF_EXITING))
 ret = -ESRCH;
- else if (tsk->mm->sp_group) /* if it's already in a sp_group */
- ret = -EEXIST;
 else
 get_task_struct(tsk);
@@ -560,6 +558,11 @@ int sp_group_add_task(int pid, int spg_id)
 goto out_unlock;
 }
+ if (!tsk->mm || tsk->mm->sp_group) { /* if it's already in a sp_group */
+ ret = -EEXIST;
+ goto out_unlock;
+ }
+
 spg = find_or_alloc_sp_group(spg_id);
 if (IS_ERR(spg)) {
 ret = PTR_ERR(spg);
--
GitLab
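Review bot: The new `-EEXIST` branch in the second hunk runs after `get_task_struct(tsk)` has been taken in the first hunk, yet it leaves through `out_unlock`, the same label used by the earlier error path just above it, which appears to be reached only when no reference was taken. The label's body is outside the hunk, so this needs confirming; if `out_unlock` does not drop the task reference, each rejected call from user space leaks one, and the branch should call `put_task_struct(tsk);` before the `goto` or jump to a label that does. The condition also reads `tsk->mm` twice with no visible `task_lock()` or `get_task_mm()`, so a task that exits between the two reads could still reach the NULL dereference this patch is meant to prevent; taking the mm once with `get_task_mm(tsk)` and testing the result would close that window. Returning `-EEXIST` for a task that has no mm misreports the cause to the caller, and the comment describes only the second half of the condition; something like `/* kernel thread (no mm) or already in a sp_group */` with a distinct error code for the first case would be clearer.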