[POWERPC] spusched: Fix null pointer dereference in find_victim
authorChristoph Hellwig <hch@lst.de>
Wed, 19 Sep 2007 04:38:12 +0000 (14:38 +1000)
committerPaul Mackerras <paulus@samba.org>
Wed, 19 Sep 2007 05:26:29 +0000 (15:26 +1000)
find_victim can dereference a NULL pointer when iterating over the list
of victim spus because list_mutex only guarantees spu->ctx to be stable,
but of course not to be non-NULL.

Also fix find_victim to not call spu_unbind_context without list_mutex
because that violates the above guarantee.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
arch/powerpc/platforms/cell/spufs/sched.c

index c784edd40ea748c74518d0d4bf9d7e4ac1ce4636..5bebe7fbe056de17a39a8b78d419f67580735f74 100644 (file)
@@ -579,7 +579,7 @@ static struct spu *find_victim(struct spu_context *ctx)
                list_for_each_entry(spu, &cbe_spu_info[node].spus, cbe_list) {
                        struct spu_context *tmp = spu->ctx;
 
-                       if (tmp->prio > ctx->prio &&
+                       if (tmp && tmp->prio > ctx->prio &&
                            (!victim || tmp->prio > victim->prio))
                                victim = spu->ctx;
                }
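Review bot: The assignment on the line after the new check re-reads `spu->ctx` instead of using the `tmp` that was just tested for NULL, so the value stored in `victim` is not literally the one the guard covered; `victim = tmp;` keeps check and use on the same load and makes the intent obvious. This is only equivalent if list_mutex is held for the whole loop, which is implied by the commit message but not visible in the hunk, so please confirm. A short comment above the loop would also help the next reader, e.g. `/* spu->ctx may be NULL for an idle spu; list_mutex keeps it stable but not non-NULL */`. find_victim begins before and continues after this hunk.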
@@ -611,9 +611,9 @@ static struct spu *find_victim(struct spu_context *ctx)
 
                        mutex_lock(&cbe_spu_info[node].list_mutex);
                        cbe_spu_info[node].nr_active--;
+                       spu_unbind_context(spu, victim);
                        mutex_unlock(&cbe_spu_info[node].list_mutex);
 
-                       spu_unbind_context(spu, victim);
                        victim->stats.invol_ctx_switch++;
                        spu->stats.invol_ctx_switch++;
                        mutex_unlock(&victim->state_mutex);
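Review bot: The relocated `spu_unbind_context(spu, victim);` now runs under list_mutex while victim->state_mutex is also held (it is released a few lines later), so this critical section nests state_mutex -> list_mutex; if any other path takes list_mutex first and then a context's state_mutex, that would be a lock-order inversion, which cannot be checked from this hunk alone. The locking invariant the commit relies on is worth recording next to the lock, e.g. `/* spu->ctx is only stable under list_mutex, so the unbind must happen here */` above the mutex_lock, since nothing in the code says why the unbind moved. The surrounding `if` block and find_victim itself extend beyond the hunk.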