Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 762cf6da authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Paul Mackerras
Browse files

[PATCH] spufs: fix locking in spu_acquire_runnable 



We need to check for validity of owner under down_write,
down_read is not enough.

Noticed by Al Viro.

Signed-off-by: default avatarArnd Bergmann <arndb@de.ibm.com>
Signed-off-by: default avatarPaul Mackerras <paulus@samba.org>
parent c902be71

arch/powerpc/platforms/cell/spufs/context.c

+6 −4
Original line number Original line Diff line number Diff line
@@ -120,27 +120,29 @@ int spu_acquire_runnable(struct spu_context *ctx) 
		ctx->spu->prio = current->prio;

		ctx->spu->prio = current->prio;

		return 0;

		return 0;

	}

	}

	up_read(&ctx->state_sema);



	down_write(&ctx->state_sema);

	/* ctx is about to be freed, can't acquire any more */

	/* ctx is about to be freed, can't acquire any more */

	if (!ctx->owner) {

	if (!ctx->owner) {

		ret = -EINVAL;

		ret = -EINVAL;

		goto out;

		goto out;

	}

	}

	up_read(&ctx->state_sema);





	down_write(&ctx->state_sema);

	if (ctx->state == SPU_STATE_SAVED) {

	if (ctx->state == SPU_STATE_SAVED) {

		ret = spu_activate(ctx, 0);

		ret = spu_activate(ctx, 0);

		ctx->state = SPU_STATE_RUNNABLE;

		ctx->state = SPU_STATE_RUNNABLE;

	}

	}

	downgrade_write(&ctx->state_sema);

	if (ret)

	if (ret)

		goto out;

		goto out;





	downgrade_write(&ctx->state_sema);

	/* On success, we return holding the lock */

	/* On success, we return holding the lock */



	return ret;

	return ret;

out:

out:

	/* Release here, to simplify calling code. */

	/* Release here, to simplify calling code. */

	up_read(&ctx->state_sema);

	up_write(&ctx->state_sema);





	return ret;

	return ret;

}

}