drivers:lmk: Fix double delete issue

someone may change a process's oom_score_adj by proc fs, even though the process has exited. In that case, the task was deleted from the rb tree already, and the redundant deleting would trigger rb_erase panic finally. In this patch, we make sure to clear the node after deteting and check its empty status before rb_erase. Signed-off-by: Hong-Mei Li <[email protected]> Reviewed-on: http://gerrit.mot.com/725306 SLTApproved: Slta Waiver <[email protected]> SME-Granted: SME Approvals Granted Tested-by: Jira Key <[email protected]> Reviewed-by: Sheng-Zhe Zhao <[email protected]> Submit-Approved: Jira Key <[email protected]> Signed-off-by: Pranav Vashi <[email protected]>
neobuddy89 · Jul 13, 2015 · 5151542 · 5151542
1 parent 4e32ed0
commit 5151542
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
@@ -690,7 +690,10 @@ void add_2_adj_tree(struct task_struct *task)
 void delete_from_adj_tree(struct task_struct *task)
 {
 	spin_lock(&lmk_lock);
-	rb_erase(&task->adj_node, &tasks_scoreadj);
+	if (!RB_EMPTY_NODE(&task->adj_node)) {
+		rb_erase(&task->adj_node, &tasks_scoreadj);
+		RB_CLEAR_NODE(&task->adj_node);
+	}
 	spin_unlock(&lmk_lock);
 }
 

diff --git a/kernel/fork.c b/kernel/fork.c
@@ -360,6 +360,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
 
 	account_kernel_stack(ti, 1);
 
+#ifdef CONFIG_ANDROID_LMK_ADJ_RBTREE
+	RB_CLEAR_NODE(&tsk->adj_node);
+#endif
 	return tsk;
 
 free_ti: