From fcbf90cfa5bef8a8a4cc4cb4b3b61a16b57a72d3 Mon Sep 17 00:00:00 2001
From: Wang Wensheng <wangwensheng4@huawei.com>
Date: Sat, 30 Oct 2021 11:08:56 +0800
Subject: [PATCH] share_pool: Fix a potential bug branch

ascend inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4EUVI
CVE: NA

-------------------

When we add a task to a new group, we create and initialize the group at
first. The is_active element of spg should not be true until the fully
process completed, or the BUG of freeing an active spg shall occur if the
works after the initialization raise an error.

Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Reviewed-by: Ding Tianhong <dingtianhong@huawei.com>
Reviewed-by: Tang Yizhou <tangyizhou@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 mm/share_pool.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/share_pool.c b/mm/share_pool.c
index 6e13cbd03221..f785b6ed4186 100644
--- a/mm/share_pool.c
+++ b/mm/share_pool.c
@@ -374,7 +374,7 @@ static struct sp_group *find_or_alloc_sp_group(int spg_id)
 		atomic64_set(&spg->alloc_nsize, 0);
 		atomic64_set(&spg->alloc_hsize, 0);
 		atomic64_set(&spg->alloc_size, 0);
-		spg->is_alive = true;
+		spg->is_alive = false;
 		spg->hugepage_failures = 0;
 		spg->dvpp_multi_spaces = false;
 		spg->owner = current->group_leader;
@@ -591,6 +591,8 @@ int sp_group_add_task(int pid, int spg_id)
 	}
 
 	mm->sp_group = spg;
+	/* We reactive the spg even the spg exists already. */
+	spg->is_alive = true;
 	list_add_tail(&tsk->mm->sp_node, &spg->procs);
 	/*
 	 * create mappings of existing shared memory segments into this
-- 
GitLab