| author | Christoph Hellwig <hch@lst.de> | 2007-09-19 00:38:12 -0400 | 
|---|---|---|
| committer | Paul Mackerras <paulus@samba.org> | 2007-09-19 01:26:29 -0400 | 
| commit | c0e7b4aa1c09ea992808ea8c079141bc8dd0f5bc (patch) | |
| tree | 04526571476d3f4e5f28f2043c025b72275c6b4a | |
| parent | c2f828977ba5d17c13debba374ea252d18e5ccfb (diff) | |
[POWERPC] spusched: Fix null pointer dereference in find_victim
find_victim can dereference a NULL pointer when iterating over the list
of victim spus because list_mutex only guarantees spu->ctx to be stable,
but of course not to be non-NULL.
Also fix find_victim to not call spu_unbind_context without list_mutex
because that violates the above guarantee.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
| -rw-r--r-- | arch/powerpc/platforms/cell/spufs/sched.c | 4 | 
1 files changed, 2 insertions, 2 deletions
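--- a/arch/powerpc/platforms/cell/spufs/sched.c
+++ b/arch/powerpc/platforms/cell/spufs/sched.c
@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx)
 list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) {
 struct spu_context *tmp = spu->ctx;
 
-if (tmp->prio > ctx->prio &&
+if (tmp && tmp->prio > ctx->prio &&
 (!victim || tmp->prio > victim->prio))
 victim = spu->ctx;
 }
@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx)
 
 mutex_lock(&cbe_spu_info[node].list_mutex);
 cbe_spu_info[node].nr_active--;
+spu_unbind_context(spu, victim);
 mutex_unlock(&cbe_spu_info[node].list_mutex);
 
-spu_unbind_context(spu, victim);
 victim->stats.invol_ctx_switch++;
 spu->stats.invol_ctx_switch++;
 mutex_unlock(&victim->state_mutex);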
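Review bot: In the first hunk the new NULL check is made on `tmp`, but the assignment two lines later still re-reads the field (`victim = spu->ctx;`); writing `victim = tmp;` would store exactly the pointer that was tested, without relying on the reader knowing that list_mutex keeps the field stable. The second hunk moves `spu_unbind_context(spu, victim)` under list_mutex, and going by the commit message that locking rule deserves a comment at the call, e.g. `/* spu->ctx may only change with list_mutex held */`. Neither hunk shows where list_mutex is released after the loop, or whether a reference to `victim` is held until its state_mutex is taken, so the lifetime of `victim` across that gap should be confirmed against the full function. find_victim starts and ends outside both hunks.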
