diff options
author | Christoph Hellwig <hch@lst.de> | 2007-09-19 00:38:12 -0400 |
---|---|---|
committer | Paul Mackerras <paulus@samba.org> | 2007-09-19 01:26:29 -0400 |
commit | c0e7b4aa1c09ea992808ea8c079141bc8dd0f5bc (patch) | |
tree | 04526571476d3f4e5f28f2043c025b72275c6b4a /arch/powerpc | |
parent | c2f828977ba5d17c13debba374ea252d18e5ccfb (diff) |
[POWERPC] spusched: Fix null pointer dereference in find_victim
find_victim can dereference a NULL pointer when iterating over the list
of victim spus because list_mutex only guarantees spu->ct to be stable,
but of course not to be non-NULL.
Also fix find_victim to not call spu_unbind_context without list_mutex
because that violates the above guarantee.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Diffstat (limited to 'arch/powerpc')
-rw-r--r-- | arch/powerpc/platforms/cell/spufs/sched.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/powerpc/platforms/cell/spufs/sched.c b/arch/powerpc/platforms/cell/spufs/sched.c index c784edd40ea7..5bebe7fbe056 100644 --- a/arch/powerpc/platforms/cell/spufs/sched.c +++ b/arch/powerpc/platforms/cell/spufs/sched.c | |||
@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx) | |||
579 | list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) { | 579 | list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) { |
580 | struct spu_context *tmp = spu->ctx; | 580 | struct spu_context *tmp = spu->ctx; |
581 | 581 | ||
582 | if (tmp->prio > ctx->prio && | 582 | if (tmp && tmp->prio > ctx->prio && |
583 | (!victim || tmp->prio > victim->prio)) | 583 | (!victim || tmp->prio > victim->prio)) |
584 | victim = spu->ctx; | 584 | victim = spu->ctx; |
585 | } | 585 | } |
@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx) | |||
611 | 611 | ||
612 | mutex_lock(&cbe_spu_info[node].list_mutex); | 612 | mutex_lock(&cbe_spu_info[node].list_mutex); |
613 | cbe_spu_info[node].nr_active--; | 613 | cbe_spu_info[node].nr_active--; |
614 | spu_unbind_context(spu, victim); | ||
614 | mutex_unlock(&cbe_spu_info[node].list_mutex); | 615 | mutex_unlock(&cbe_spu_info[node].list_mutex); |
615 | 616 | ||
616 | spu_unbind_context(spu, victim); | ||
617 | victim->stats.invol_ctx_switch++; | 617 | victim->stats.invol_ctx_switch++; |
618 | spu->stats.invol_ctx_switch++; | 618 | spu->stats.invol_ctx_switch++; |
619 | mutex_unlock(&victim->state_mutex); | 619 | mutex_unlock(&victim->state_mutex); |