From 515154240d70fa77e2a59f126a61531839a2ce2b Mon Sep 17 00:00:00 2001
From: Hong-Mei Li
Date: Thu, 12 Mar 2015 19:14:26 -0700
Subject: [PATCH] drivers:lmk: Fix double delete issue

someone may change a process's oom_score_adj by proc fs, even though the process has exited. In that case, the task was deleted from the rb tree already, and the redundant deleting would trigger rb_erase panic finally. In this patch, we make sure to clear the node after deteting and check its empty status before rb_erase.

Signed-off-by: Hong-Mei Li
Reviewed-on: http://gerrit.mot.com/725306
SLTApproved: Slta Waiver
SME-Granted: SME Approvals Granted
Tested-by: Jira Key
Reviewed-by: Sheng-Zhe Zhao
Submit-Approved: Jira Key
Signed-off-by: Pranav Vashi
---
 drivers/staging/android/lowmemorykiller.c | 5 ++++-
 kernel/fork.c | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index e184b16e9cf..9f64bbda5e5 100644
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -690,7 +690,10 @@ void add_2_adj_tree(struct task_struct *task)
 void delete_from_adj_tree(struct task_struct *task)
 {
 spin_lock(&lmk_lock);
- rb_erase(&task->adj_node, &tasks_scoreadj);
+ if (!RB_EMPTY_NODE(&task->adj_node)) {
+ rb_erase(&task->adj_node, &tasks_scoreadj);
+ RB_CLEAR_NODE(&task->adj_node);
+ }
 spin_unlock(&lmk_lock);
 }
diff --git a/kernel/fork.c b/kernel/fork.c
index 43a1a643519..944f92334f3 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -360,6 +360,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
 account_kernel_stack(ti, 1);
+#ifdef CONFIG_ANDROID_LMK_ADJ_RBTREE
+ RB_CLEAR_NODE(&tsk->adj_node);
+#endif
 return tsk;
 free_ti:
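Review bot: The `RB_EMPTY_NODE` guard added in `delete_from_adj_tree()` prevents the second `rb_erase()`, but nothing in this hunk keeps an already-exited task from being linked back into `tasks_scoreadj`. If the procfs write path described in the commit message follows this call with `add_2_adj_tree(task)` (that caller is not part of the patch, so this needs confirming), the node is re-inserted after exit removed it and the tree can end up holding a pointer into a `task_struct` that is later freed. The insert side probably needs a matching check under `lmk_lock`, or the procfs path should skip the tree update for a task that has exited. A comment above the guard would also help, e.g. `/* adj_node is self-linked (RB_CLEAR_NODE) whenever the task is not in tasks_scoreadj */`, since both hunks depend on that invariant.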
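Review bot: The `RB_CLEAR_NODE(&tsk->adj_node)` added before `return tsk;` in `dup_task_struct()` only reaches tasks created through this function, so a statically initialised task such as `init_task` is not covered. A zero-filled `rb_node` does not satisfy `RB_EMPTY_NODE`, so unless that task's initialiser also clears the node (not visible in this patch) the new guard in `delete_from_adj_tree()` would still call `rb_erase()` on a node that was never inserted. The reason for the placement also deserves a comment, e.g. `/* adj_node is presumably copied from orig; mark it unlinked until add_2_adj_tree() inserts it */`. The body of `dup_task_struct()` starts and ends outside the hunk.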