drivers:lmk: Fix double delete issue

someone may change a process's oom_score_adj by proc fs, even though the
process has exited. In that case, the task was deleted from the rb tree
already, and the redundant deleting would trigger rb_erase panic finally.
In this patch, we make sure to clear the node after deteting and check
its empty status before rb_erase.

Change-Id: I26098ca3350f111e94567f9e65ec3dce413197aa
Signed-off-by: Hong-Mei Li <a21834@motorola.com>
Reviewed-on: http://gerrit.mot.com/727760
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver <sltawvr@motorola.com>
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Sheng-Zhe Zhao <a18689@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>

2 files changed, 7 insertions, 1 deletions

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index 00056c7e8..114c6a5ec 100644
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -352,7 +352,10 @@ void add_2_adj_tree(struct task_struct *task)
 void delete_from_adj_tree(struct task_struct *task)
 {
 	spin_lock(&lmk_lock);
-	rb_erase(&task->adj_node, &tasks_scoreadj);
+	if (!RB_EMPTY_NODE(&task->adj_node)) {
+		rb_erase(&task->adj_node, &tasks_scoreadj);
+		RB_CLEAR_NODE(&task->adj_node);
+	}
 	spin_unlock(&lmk_lock);
 }
 
diff --git a/kernel/fork.c b/kernel/fork.c
index 06b92b187..655a77cde 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -368,6 +368,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
 
 	account_kernel_stack(ti, 1);
 
+#ifdef CONFIG_ANDROID_LMK_ADJ_RBTREE
+	RB_CLEAR_NODE(&tsk->adj_node);
+#endif
 	return tsk;
 
 free_ti: