lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[POWERPC] spusched: Fix null pointer dereference in find_victim

Browse Source 
find_victim can dereference a NULL pointer when iterating over the list
of victim spus because list_mutex only guarantees spu->ct to be stable,
but of course not to be non-NULL.

Also fix find_victim to not call spu_unbind_context without list_mutex
because that violates the above guarantee.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This commit is contained in:
Christoph Hellwig
2007-09-19 14:38:12 +10:00
committed by Paul Mackerras
parent c2f828977b
commit c0e7b4aa1c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
arch/powerpc/platforms/cell/spufs/sched.c
View File

@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx)
list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) { list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) {
struct spu_context *tmp = spu->ctx; struct spu_context *tmp = spu->ctx;
if (tmp->prio > ctx->prio && if (tmp && tmp->prio > ctx->prio &&
(!victim || tmp->prio > victim->prio)) (!victim || tmp->prio > victim->prio))
victim = spu->ctx; victim = spu->ctx;
} }
@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx)
mutex_lock(&cbe_spu_info[node].list_mutex); mutex_lock(&cbe_spu_info[node].list_mutex);
cbe_spu_info[node].nr_active--; cbe_spu_info[node].nr_active--;
spu_unbind_context(spu, victim);
mutex_unlock(&cbe_spu_info[node].list_mutex); mutex_unlock(&cbe_spu_info[node].list_mutex);
spu_unbind_context(spu, victim);
victim->stats.invol_ctx_switch++; victim->stats.invol_ctx_switch++;
spu->stats.invol_ctx_switch++; spu->stats.invol_ctx_switch++;
mutex_unlock(&victim->state_mutex); mutex_unlock(&victim->state_mutex);