ANDROID: sdcardfs: Don't bother deleting freelistandroid-o-preview-1_r0.1

There is no point deleting entries from dlist, as
that is a temporary list on the stack from which
contains only entries that are being deleted.

Not all code paths set up dlist, so those that
don't were performing invalid accesses in
hash_del_rcu. As an additional means to prevent
any other issue, we null out the list entries when
we allocate from the cache.

Bug: 35666680
Change-Id: Ibb1e28c08c3a600c29418d39ba1c0f3db3bf31e5
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Siqi Lin <siqilin@google.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/fs/sdcardfs/packagelist.c b/fs/sdcardfs/packagelist.c
index 221ad11cb516..21eb2d317e44 100755
--- a/fs/sdcardfs/packagelist.c
+++ b/fs/sdcardfs/packagelist.c
@@ -178,6 +178,8 @@ static struct hashtable_entry *alloc_hashtable_entry(const struct qstr *key,
 			GFP_KERNEL);
 	if (!ret)
 		return NULL;
+	INIT_HLIST_NODE(&ret->dlist);
+	INIT_HLIST_NODE(&ret->hlist);
 
 	if (!qstr_copy(key, &ret->key)) {
 		kmem_cache_free(hashtable_entry_cachep, ret);
@@ -326,7 +328,6 @@ static int insert_userid_exclude_entry(const struct qstr *key, userid_t value)
 static void free_hashtable_entry(struct hashtable_entry *entry)
 {
 	kfree(entry->key.name);
-	hash_del_rcu(&entry->dlist);
 	kmem_cache_free(hashtable_entry_cachep, entry);
 }