From 5c647926d044993f9ded013d4531a373e6fcbc1e Mon Sep 17 00:00:00 2001
From: Syed Rameez Mustafa <rameezmustafa@codeaurora.org>
Date: Mon, 24 Oct 2016 18:37:14 -0700
Subject: sched: Set curr/prev_window_cpu pointers to NULL in sched_exit()

trace_sched_update_task_ravg relies on NULL pointers to ensure that
it doesn't access them. Make sure that when a task exits, these
pointers are set to NULL. Otherwise any call to update_task_ravg()
between sched_exit() and releasing the task structure will access
bogus pointers. In some cases those memory locations are unmapped
and cause a kernel panic.

Change-Id: I9eebb4fb35aca2c8424bfb29ae9d833650dc5ad4
Signed-off-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org>
---
 kernel/sched/core.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 53f7b50b7541..c07d844c576e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2273,6 +2273,14 @@ void sched_exit(struct task_struct *p)
 	kfree(p->ravg.curr_window_cpu);
 	kfree(p->ravg.prev_window_cpu);
 
+	/*
+	 * update_task_ravg() can be called for exiting tasks. While the
+	 * function itself ensures correct behavior, the corresponding
+	 * trace event requires that these pointers be NULL.
+	 */
+	p->ravg.curr_window_cpu = NULL;
+	p->ravg.prev_window_cpu = NULL;
+
 	enqueue_task(rq, p, 0);
 	clear_ed_task(p, rq);
 	task_rq_unlock(rq, p, &flags);
-- 
cgit v1.2.3