From: Andi Kleen <ak@muc.de>

All mempolicy changes must be inside the spinlock and readding the rb_erase
prevents a crash while doing:

> echo "1" > /tmp/numatest
> numactl --length=0x4000 --shm /tmp/numatest --localalloc
> numactl --length=0x2000 --offset=0 --shm /tmp/numatest --membind=0
> numactl --length=0x2000 --offset=0x2000 --shm /tmp/numatest --membind=1
> ipcs
> ipcrm -M "the_key_value_of_this_shm_area"

Based on a patch by John Blackwood

Cc: <john.blackwood@ccur.com>
Cc: <andrea@suse.de>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 mm/mempolicy.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN mm/mempolicy.c~undo-mempolicy-shared-policy-rbtree-microoptimization mm/mempolicy.c
--- devel/mm/mempolicy.c~undo-mempolicy-shared-policy-rbtree-microoptimization	2005-07-26 00:12:57.000000000 -0700
+++ devel-akpm/mm/mempolicy.c	2005-07-26 00:12:57.000000000 -0700
@@ -1138,11 +1138,11 @@ void mpol_free_shared_policy(struct shar
 	while (next) {
 		n = rb_entry(next, struct sp_node, nd);
 		next = rb_next(&n->nd);
+		rb_erase(&n->nd, &p->root);
 		mpol_free(n->policy);
 		kmem_cache_free(sn_cache, n);
 	}
 	spin_unlock(&p->lock);
-	p->root = RB_ROOT;
 }
 
 /* assumes fs == KERNEL_DS */
_