From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 14 Sep 2007 09:44:24 +0200
From: Christoph Hellwig
To: Jeremy Kerr
Subject: Re: [PATCH 10/25] spusched: fix null pointer dereference in find_victim
Message-ID: <20070914074424.GD18011@lst.de>
References: <1189751574.98527.127994196313.1.gpush@pokey> <1189751574.104447.719838727251.10.gpush@pokey>
In-Reply-To: <1189751574.104447.719838727251.10.gpush@pokey>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linuxppc-dev@ozlabs.org
List-Id: Linux on PowerPC Developers Mail List

On Fri, Sep 14, 2007 at 04:32:54PM +1000, Jeremy Kerr wrote:
> From: Christoph Hellwig
>
> find_victim can dereference a NULL pointer when iterating over the list
> of victim spus because list_mutex only guarantees spu->ct to be stable,
> but of course not to be non-NULL.
>
> Also fix find_victim to not call spu_unbind_context without list_mutex
> because that violates the above guarantee.

Didn't we want to try to get this into 2.6.23? It's quite an embarrassing
bug with a trivial fix. And a regression vs 2.6.22.