From: Daniel Rosenberg Date: Wed, 22 Feb 2017 22:41:58 +0000 (-0800) Subject: ANDROID: sdcardfs: Don't bother deleting freelist X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=952d8b9c725b32b9f2ffc9854d9ba3ea12e0b9b9;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git ANDROID: sdcardfs: Don't bother deleting freelist There is no point deleting entries from dlist, as that is a temporary list on the stack from which contains only entries that are being deleted. Not all code paths set up dlist, so those that don't were performing invalid accesses in hash_del_rcu. As an additional means to prevent any other issue, we null out the list entries when we allocate from the cache. Signed-off-by: Daniel Rosenberg Bug: 35666680 Change-Id: Ibb1e28c08c3a600c29418d39ba1c0f3db3bf31e5 --- diff --git a/fs/sdcardfs/packagelist.c b/fs/sdcardfs/packagelist.c index 537ff523c32a..5f81284a4f44 100644 --- a/fs/sdcardfs/packagelist.c +++ b/fs/sdcardfs/packagelist.c @@ -181,6 +181,8 @@ static struct hashtable_entry *alloc_hashtable_entry(const struct qstr *key, GFP_KERNEL); if (!ret) return NULL; + INIT_HLIST_NODE(&ret->dlist); + INIT_HLIST_NODE(&ret->hlist); if (!qstr_copy(key, &ret->key)) { kmem_cache_free(hashtable_entry_cachep, ret); @@ -329,7 +331,6 @@ static int insert_userid_exclude_entry(const struct qstr *key, userid_t value) static void free_hashtable_entry(struct hashtable_entry *entry) { kfree(entry->key.name); - hash_del_rcu(&entry->dlist); kmem_cache_free(hashtable_entry_cachep, entry); }