Commit c0e7b4aa authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Paul Mackerras

[POWERPC] spusched: Fix null pointer dereference in find_victim

find_victim can dereference a NULL pointer when iterating over the list
of victim spus because list_mutex only guarantees spu->ct to be stable,
but of course not to be non-NULL.

Also fix find_victim to not call spu_unbind_context without list_mutex
because that violates the above guarantee.
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarArnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: default avatarJeremy Kerr <jk@ozlabs.org>
Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
parent c2f82897
...@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx) ...@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx)
list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) { list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) {
struct spu_context *tmp = spu->ctx; struct spu_context *tmp = spu->ctx;
if (tmp->prio > ctx->prio && if (tmp && tmp->prio > ctx->prio &&
(!victim || tmp->prio > victim->prio)) (!victim || tmp->prio > victim->prio))
victim = spu->ctx; victim = spu->ctx;
} }
...@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx) ...@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx)
mutex_lock(&cbe_spu_info[node].list_mutex); mutex_lock(&cbe_spu_info[node].list_mutex);
cbe_spu_info[node].nr_active--; cbe_spu_info[node].nr_active--;
spu_unbind_context(spu, victim);
mutex_unlock(&cbe_spu_info[node].list_mutex); mutex_unlock(&cbe_spu_info[node].list_mutex);
spu_unbind_context(spu, victim);
victim->stats.invol_ctx_switch++; victim->stats.invol_ctx_switch++;
spu->stats.invol_ctx_switch++; spu->stats.invol_ctx_switch++;
mutex_unlock(&victim->state_mutex); mutex_unlock(&victim->state_mutex);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment