Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3047817b authored by Steffen Klassert's avatar Steffen Klassert Committed by Herbert Xu
Browse files

padata: Fix race in the serialization path 



When a padata object is queued to the serialization queue, another
cpu might process and free the padata object. So don't dereference
it after queueing to the serialization queue.

Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 0b95ec56

kernel/padata.c

+4 −2
Original line number Diff line number Diff line
@@ -230,6 +230,7 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd) 


static void padata_reorder(struct parallel_data *pd)

{

	int cb_cpu;

	struct padata_priv *padata;

	struct padata_serial_queue *squeue;

	struct padata_instance *pinst = pd->pinst;
@@ -270,13 +271,14 @@ static void padata_reorder(struct parallel_data *pd) 
			return;

		}



		squeue = per_cpu_ptr(pd->squeue, padata->cb_cpu);

		cb_cpu = padata->cb_cpu;

		squeue = per_cpu_ptr(pd->squeue, cb_cpu);



		spin_lock(&squeue->serial.lock);

		list_add_tail(&padata->list, &squeue->serial.list);

		spin_unlock(&squeue->serial.lock);



		queue_work_on(padata->cb_cpu, pinst->wq, &squeue->work);

		queue_work_on(cb_cpu, pinst->wq, &squeue->work);

	}



	spin_unlock_bh(&pd->lock);