From: Arnd Bergmann Date: Wed, 4 Jan 2006 19:31:21 +0000 (+0100) Subject: [PATCH] spufs: fix locking in spu_acquire_runnable X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=762cf6dac2623473e83bb271f2bbe97d2355c64d;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git [PATCH] spufs: fix locking in spu_acquire_runnable We need to check for validity of owner under down_write, down_read is not enough. Noticed by Al Viro. Signed-off-by: Arnd Bergmann Signed-off-by: Paul Mackerras --- diff --git a/arch/powerpc/platforms/cell/spufs/context.c b/arch/powerpc/platforms/cell/spufs/context.c index 1758cec58bc7..903c35d19577 100644 --- a/arch/powerpc/platforms/cell/spufs/context.c +++ b/arch/powerpc/platforms/cell/spufs/context.c @@ -120,27 +120,29 @@ int spu_acquire_runnable(struct spu_context *ctx) ctx->spu->prio = current->prio; return 0; } + up_read(&ctx->state_sema); + + down_write(&ctx->state_sema); /* ctx is about to be freed, can't acquire any more */ if (!ctx->owner) { ret = -EINVAL; goto out; } - up_read(&ctx->state_sema); - down_write(&ctx->state_sema); if (ctx->state == SPU_STATE_SAVED) { ret = spu_activate(ctx, 0); ctx->state = SPU_STATE_RUNNABLE; } - downgrade_write(&ctx->state_sema); if (ret) goto out; + downgrade_write(&ctx->state_sema); /* On success, we return holding the lock */ + return ret; out: /* Release here, to simplify calling code. */ - up_read(&ctx->state_sema); + up_write(&ctx->state_sema); return ret; }