padata: Fix race in the serialization path

When a padata object is queued to the serialization queue, another
cpu might process and free the padata object. So don't dereference
it after queueing to the serialization queue.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Steffen Klassert 2012-03-09 07:20:12 +01:00 committed by Herbert Xu
parent 0b95ec56ae
commit 3047817b89

View File

@ -230,6 +230,7 @@ out:
static void padata_reorder(struct parallel_data *pd)
{
int cb_cpu;
struct padata_priv *padata;
struct padata_serial_queue *squeue;
struct padata_instance *pinst = pd->pinst;
@ -270,13 +271,14 @@ static void padata_reorder(struct parallel_data *pd)
return;
}
squeue = per_cpu_ptr(pd->squeue, padata->cb_cpu);
cb_cpu = padata->cb_cpu;
squeue = per_cpu_ptr(pd->squeue, cb_cpu);
spin_lock(&squeue->serial.lock);
list_add_tail(&padata->list, &squeue->serial.list);
spin_unlock(&squeue->serial.lock);
queue_work_on(padata->cb_cpu, pinst->wq, &squeue->work);
queue_work_on(cb_cpu, pinst->wq, &squeue->work);
}
spin_unlock_bh(&pd->lock);