In the Linux kernel, the following vulnerability has been resolved:
schhfsc: make hfscqlen_notify() idempotent
hfscqlennotify() is not idempotent either and not friendly to its callers, like fqcodeldequeue(). Let's make it idempotent to ease qdisctreereduce_backlog() callers' life:
updatevf() decreases cl->clnactive, so we can check whether it is non-zero before calling it.
eltreeremove() always removes RB node cl->elnode, but we can use RBEMPTYNODE() + RBCLEARNODE() to make it safe.