From: Christoph Hellwig Date: Wed, 19 Sep 2007 04:38:12 +0000 (+1000) Subject: [POWERPC] spusched: Fix null pointer dereference in find_victim X-Git-Tag: v2.6.23-rc7~8^2~2 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0e7b4aa1c09ea992808ea8c079141bc8dd0f5bc;p=linux-2.6 [POWERPC] spusched: Fix null pointer dereference in find_victim find_victim can dereference a NULL pointer when iterating over the list of victim spus because list_mutex only guarantees spu->ct to be stable, but of course not to be non-NULL. Also fix find_victim to not call spu_unbind_context without list_mutex because that violates the above guarantee. Signed-off-by: Christoph Hellwig Signed-off-by: Arnd Bergmann Signed-off-by: Jeremy Kerr Signed-off-by: Paul Mackerras --- diff --git a/arch/powerpc/platforms/cell/spufs/sched.c b/arch/powerpc/platforms/cell/spufs/sched.c index c784edd40e..5bebe7fbe0 100644 --- a/arch/powerpc/platforms/cell/spufs/sched.c +++ b/arch/powerpc/platforms/cell/spufs/sched.c @@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx) list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) { struct spu_context *tmp = spu->ctx; - if (tmp->prio > ctx->prio && + if (tmp && tmp->prio > ctx->prio && (!victim || tmp->prio > victim->prio)) victim = spu->ctx; } @@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx) mutex_lock(&cbe_spu_info[node].list_mutex); cbe_spu_info[node].nr_active--; + spu_unbind_context(spu, victim); mutex_unlock(&cbe_spu_info[node].list_mutex); - spu_unbind_context(spu, victim); victim->stats.invol_ctx_switch++; spu->stats.invol_ctx_switch++; mutex_unlock(&victim->state_mutex);