Commit 15b87d67 authored by Robin Holt's avatar Robin Holt Committed by Linus Torvalds

x86: uv: xpc NULL deref when mesq becomes empty

Under heavy load conditions, our set of xpc messages may become exhausted.
 The code handles this correctly with the exception of the management code
which hits a NULL pointer dereference.
Signed-off-by: default avatarRobin Holt <holt@sgi.com>
Cc: Jack Steiner <steiner@sgi.com>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c2c9f115
...@@ -949,11 +949,13 @@ xpc_get_fifo_entry_uv(struct xpc_fifo_head_uv *head) ...@@ -949,11 +949,13 @@ xpc_get_fifo_entry_uv(struct xpc_fifo_head_uv *head)
head->first = first->next; head->first = first->next;
if (head->first == NULL) if (head->first == NULL)
head->last = NULL; head->last = NULL;
head->n_entries--;
BUG_ON(head->n_entries < 0);
first->next = NULL;
} }
head->n_entries--;
BUG_ON(head->n_entries < 0);
spin_unlock_irqrestore(&head->lock, irq_flags); spin_unlock_irqrestore(&head->lock, irq_flags);
first->next = NULL;
return first; return first;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment