ANDROID: sdcardfs: Don't bother deleting freelist

There is no point deleting entries from dlist, as that is a temporary list on the stack from which contains only entries that are being deleted. Not all code paths set up dlist, so those that don't were performing invalid accesses in hash_del_rcu. As an additional means to prevent any other issue, we null out the list entries when we allocate from the cache. Signed-off-by: Daniel Rosenberg <drosen@google.com> Bug: 35666680 Change-Id: Ibb1e28c08c3a600c29418d39ba1c0f3db3bf31e5
author: Daniel Rosenberg <drosen@google.com> 2017-02-22 14:41:58 -0800
committer: Arvin Quilao <arquilao@gmail.com> 2017-03-07 04:06:51 +0000
commit: 686fea7dc74a8c3f434cf34024191af243edd4eb (patch)
tree: 0c84371fbe9e8e45cd8ef2e737f63664a6d054dd
parent: 0cf5b777512ac9fc6f4a0db9d1f9aab39ea267d7 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/sdcardfs/packagelist.c b/fs/sdcardfs/packagelist.c
index 221ad11cb51..21eb2d317e4 100755
--- a/fs/sdcardfs/packagelist.c
+++ b/fs/sdcardfs/packagelist.c
@@ -178,6 +178,8 @@ static struct hashtable_entry *alloc_hashtable_entry(const struct qstr *key,
 			GFP_KERNEL);
 	if (!ret)
 		return NULL;
+	INIT_HLIST_NODE(&ret->dlist);
+	INIT_HLIST_NODE(&ret->hlist);
 
 	if (!qstr_copy(key, &ret->key)) {
 		kmem_cache_free(hashtable_entry_cachep, ret);
@@ -326,7 +328,6 @@ static int insert_userid_exclude_entry(const struct qstr *key, userid_t value)
 static void free_hashtable_entry(struct hashtable_entry *entry)
 {
 	kfree(entry->key.name);
-	hash_del_rcu(&entry->dlist);
 	kmem_cache_free(hashtable_entry_cachep, entry);
 }
author	Daniel Rosenberg <drosen@google.com>	2017-02-22 14:41:58 -0800
committer	Arvin Quilao <arquilao@gmail.com>	2017-03-07 04:06:51 +0000
commit	686fea7dc74a8c3f434cf34024191af243edd4eb (patch)
tree	0c84371fbe9e8e45cd8ef2e737f63664a6d054dd
parent	0cf5b777512ac9fc6f4a0db9d1f9aab39ea267d7 (diff)