From d657433f124d1d5d521ee3ba8f3486e9169012e4 Mon Sep 17 00:00:00 2001
From: Jim Blackler <jimblackler@google.com>
Date: Wed, 3 Jul 2019 17:33:51 +0100
Subject: [PATCH] ANDROID: Fixes to locking around handle_lmk_event

get_task_struct used to reserve 'selected' outside rcu_read_lock block.
Remove the need for get_task_mm, removing the possibility of lock issues there.

Bug: 133479338
Signed-off-by: Jim Blackler <jimblackler@google.com>
Change-Id: I1399e2f669242c04e0e397bc09c987358aa97a0a
---
 drivers/staging/android/lowmemorykiller.c | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c
index d5f5bd4a2d5c..25362cba1397 100644
--- a/drivers/staging/android/lowmemorykiller.c
+++ b/drivers/staging/android/lowmemorykiller.c
@@ -94,21 +94,15 @@ struct lmk_event {
 	struct list_head list;
 };
 
-void handle_lmk_event(struct task_struct *selected, short min_score_adj)
+void handle_lmk_event(struct task_struct *selected, int selected_tasksize,
+		      short min_score_adj)
 {
 	int head;
 	int tail;
 	struct lmk_event *events;
 	struct lmk_event *event;
 	int res;
-	long rss_in_pages = -1;
 	char taskname[MAX_TASKNAME];
-	struct mm_struct *mm = get_task_mm(selected);
-
-	if (mm) {
-		rss_in_pages = get_mm_rss(mm);
-		mmput(mm);
-	}
 
 	res = get_cmdline(selected, taskname, MAX_TASKNAME - 1);
 
@@ -147,7 +141,7 @@ void handle_lmk_event(struct task_struct *selected, short min_score_adj)
 	event->maj_flt = selected->maj_flt;
 	event->oom_score_adj = selected->signal->oom_score_adj;
 	event->start_time = nsec_to_clock_t(selected->real_start_time);
-	event->rss_in_pages = rss_in_pages;
+	event->rss_in_pages = selected_tasksize;
 	event->min_score_adj = min_score_adj;
 
 	event_buffer.head = (head + 1) & (MAX_BUFFERED_EVENTS - 1);
@@ -346,15 +340,17 @@ static unsigned long lowmem_scan(struct shrinker *s, struct shrink_control *sc)
 			     free);
 		lowmem_deathpending_timeout = jiffies + HZ;
 		rem += selected_tasksize;
+		get_task_struct(selected);
 	}
 
 	lowmem_print(4, "lowmem_scan %lu, %x, return %lu\n",
 		     sc->nr_to_scan, sc->gfp_mask, rem);
 	rcu_read_unlock();
 
-	if (selected)
-		handle_lmk_event(selected, min_score_adj);
-
+	if (selected) {
+		handle_lmk_event(selected, selected_tasksize, min_score_adj);
+		put_task_struct(selected);
+	}
 	return rem;
 }