authorRobin Holt <holt@sgi.com>2009-12-15 19:47:57 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-12-16 10:20:14 -0500
commit15b87d67ff3dc042bee42f991858d6b121b3b3ca (patch)
tree48e72a7ce8b4113b3dfcdcd31ca9bdce38ee3cd9
parentc2c9f115741453715d6b4da1cd2de65af8c7ad86 (diff)
x86: uv: xpc NULL deref when mesq becomes empty
Under heavy load conditions, our set of xpc messages may become exhausted. The code handles this correctly with the exception of the management code which hits a NULL pointer dereference. Signed-off-by: Robin Holt <holt@sgi.com> Cc: Jack Steiner <steiner@sgi.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/misc/sgi-xp/xpc_uv.c8
1 files changed, 5 insertions, 3 deletions
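diff --git a/drivers/misc/sgi-xp/xpc_uv.c b/drivers/misc/sgi-xp/xpc_uv.c
index bbf0e2ee6fd9..19bd7b0ede91 100644
--- a/drivers/misc/sgi-xp/xpc_uv.c
+++ b/drivers/misc/sgi-xp/xpc_uv.c
@@ -949,11 +949,13 @@ xpc_get_fifo_entry_uv(struct xpc_fifo_head_uv *head)
  head->first = first->next;
  if (head->first == NULL)
  head->last = NULL;
+
+ head->n_entries--;
+ BUG_ON(head->n_entries < 0);
+
+ first->next = NULL;
  }
- head->n_entries--;
- BUG_ON(head->n_entries < 0);
  spin_unlock_irqrestore(&head->lock, irq_flags);
- first->next = NULL;
  return first;
 }
 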
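Review bot: The `BUG_ON(head->n_entries < 0)` at new line 954 still runs while `head->lock` is held with interrupts disabled (the `spin_unlock_irqrestore` only follows at line 958), so tripping it halts the machine inside the critical section. With the decrement moved into what appears to be the non-empty branch, a negative count can now only mean corrupted accounting, and a warning would report that without taking the whole system down under load: `WARN_ON_ONCE(head->n_entries < 0);`. A short comment above the moved lines would also help, for example `/* count and unlink only when an entry was actually dequeued; an empty fifo returns NULL */`, since callers have to handle that NULL return. The start of xpc_get_fifo_entry_uv, including the lock acquisition and the condition that opens this block, lies outside the hunk.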