summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobin Holt <holt@sgi.com>2009-12-16 01:47:57 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2009-12-16 16:20:14 +0100
commit15b87d67ff3dc042bee42f991858d6b121b3b3ca (patch)
tree48e72a7ce8b4113b3dfcdcd31ca9bdce38ee3cd9
parentx86: uv: update XPC to handle updated BIOS interface (diff)
downloadlinux-15b87d67ff3dc042bee42f991858d6b121b3b3ca.tar.xz
linux-15b87d67ff3dc042bee42f991858d6b121b3b3ca.zip
x86: uv: xpc NULL deref when mesq becomes empty
Under heavy load conditions, our set of xpc messages may become exhausted. The code handles this correctly with the exception of the management code which hits a NULL pointer dereference. Signed-off-by: Robin Holt <holt@sgi.com> Cc: Jack Steiner <steiner@sgi.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/misc/sgi-xp/xpc_uv.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/drivers/misc/sgi-xp/xpc_uv.c b/drivers/misc/sgi-xp/xpc_uv.c
index bbf0e2ee6fd9..19bd7b0ede91 100644
--- a/drivers/misc/sgi-xp/xpc_uv.c
+++ b/drivers/misc/sgi-xp/xpc_uv.c
@@ -949,11 +949,13 @@ xpc_get_fifo_entry_uv(struct xpc_fifo_head_uv *head)
head->first = first->next;
if (head->first == NULL)
head->last = NULL;
+
+ head->n_entries--;
+ BUG_ON(head->n_entries < 0);
+
+ first->next = NULL;
}
- head->n_entries--;
- BUG_ON(head->n_entries < 0);
spin_unlock_irqrestore(&head->lock, irq_flags);
- first->next = NULL;
return first;
}