aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/padata.c
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2012-03-09 01:20:12 -0500
committerHerbert Xu <herbert@gondor.apana.org.au>2012-03-14 05:25:56 -0400
commit3047817b894ddae62be07787bc8735a616104398 (patch)
treee5eac5f11bb0c34a80224a62892f72a240eb1659 /kernel/padata.c
parent0b95ec56ae19f61ca664e83766a2180057f0e351 (diff)
padata: Fix race in the serialization path
When a padata object is queued to the serialization queue, another cpu might process and free the padata object. So don't dereference it after queueing to the serialization queue. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'kernel/padata.c')
-rw-r--r--kernel/padata.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/padata.c b/kernel/padata.c
index b45259931512..aa9929545855 100644
--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -230,6 +230,7 @@ out:
230 230
231static void padata_reorder(struct parallel_data *pd) 231static void padata_reorder(struct parallel_data *pd)
232{ 232{
233 int cb_cpu;
233 struct padata_priv *padata; 234 struct padata_priv *padata;
234 struct padata_serial_queue *squeue; 235 struct padata_serial_queue *squeue;
235 struct padata_instance *pinst = pd->pinst; 236 struct padata_instance *pinst = pd->pinst;
@@ -270,13 +271,14 @@ static void padata_reorder(struct parallel_data *pd)
270 return; 271 return;
271 } 272 }
272 273
273 squeue = per_cpu_ptr(pd->squeue, padata->cb_cpu); 274 cb_cpu = padata->cb_cpu;
275 squeue = per_cpu_ptr(pd->squeue, cb_cpu);
274 276
275 spin_lock(&squeue->serial.lock); 277 spin_lock(&squeue->serial.lock);
276 list_add_tail(&padata->list, &squeue->serial.list); 278 list_add_tail(&padata->list, &squeue->serial.list);
277 spin_unlock(&squeue->serial.lock); 279 spin_unlock(&squeue->serial.lock);
278 280
279 queue_work_on(padata->cb_cpu, pinst->wq, &squeue->work); 281 queue_work_on(cb_cpu, pinst->wq, &squeue->work);
280 } 282 }
281 283
282 spin_unlock_bh(&pd->lock); 284 spin_unlock_bh(&pd->lock);
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-20 00:43:33 -0500