[POWERPC] spusched: Fix null pointer dereference in find_victim

Wed, 19 Sep 2007 12:08:01 -0700 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c0e7b4aa1c09ea992808ea8c079141bc8dd0f5bc
Commit:     c0e7b4aa1c09ea992808ea8c079141bc8dd0f5bc
Parent:     c2f828977ba5d17c13debba374ea252d18e5ccfb
Author:     Christoph Hellwig <[EMAIL PROTECTED]>
AuthorDate: Wed Sep 19 14:38:12 2007 +1000
Committer:  Paul Mackerras <[EMAIL PROTECTED]>
CommitDate: Wed Sep 19 15:26:29 2007 +1000

    [POWERPC] spusched: Fix null pointer dereference in find_victim
    
    find_victim can dereference a NULL pointer when iterating over the list
    of victim spus because list_mutex only guarantees spu->ct to be stable,
    but of course not to be non-NULL.
    
    Also fix find_victim to not call spu_unbind_context without list_mutex
    because that violates the above guarantee.
    
    Signed-off-by: Christoph Hellwig <[EMAIL PROTECTED]>
    Signed-off-by: Arnd Bergmann <[EMAIL PROTECTED]>
    Signed-off-by: Jeremy Kerr <[EMAIL PROTECTED]>
    Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]>
---
 arch/powerpc/platforms/cell/spufs/sched.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/cell/spufs/sched.c 
b/arch/powerpc/platforms/cell/spufs/sched.c
index c784edd..5bebe7f 100644
--- a/arch/powerpc/platforms/cell/spufs/sched.c
+++ b/arch/powerpc/platforms/cell/spufs/sched.c
@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx)
                list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) {
                        struct spu_context *tmp = spu->ctx;
 
-                       if (tmp->prio > ctx->prio &&
+                       if (tmp && tmp->prio > ctx->prio &&
                            (!victim || tmp->prio > victim->prio))
                                victim = spu->ctx;
                }
@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx)
 
                        mutex_lock(&cbe_spu_info[node].list_mutex);
                        cbe_spu_info[node].nr_active--;
+                       spu_unbind_context(spu, victim);
                        mutex_unlock(&cbe_spu_info[node].list_mutex);
 
-                       spu_unbind_context(spu, victim);
                        victim->stats.invol_ctx_switch++;
                        spu->stats.invol_ctx_switch++;
                        mutex_unlock(&victim->state_mutex);
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to