[PATCH] spufs: fix locking in spu_acquire_runnable

We need to check for validity of owner under down_write,
down_read is not enough.

Noticed by Al Viro.

Signed-off-by: Arnd Bergmann <arndb@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

diff --git a/arch/powerpc/platforms/cell/spufs/context.c b/arch/powerpc/platforms/cell/spufs/context.c
index 1758cec..903c35d 100644 (file)
--- a/arch/powerpc/platforms/cell/spufs/context.c
+++ b/arch/powerpc/platforms/cell/spufs/context.c
@@ -120,27 +120,29 @@ int spu_acquire_runnable(struct spu_context *ctx)
                ctx->spu->prio = current->prio;
                return 0;
        }
+       up_read(&ctx->state_sema);
+
+       down_write(&ctx->state_sema);
        /* ctx is about to be freed, can't acquire any more */
        if (!ctx->owner) {
                ret = -EINVAL;
                goto out;
        }
-       up_read(&ctx->state_sema);
 
-       down_write(&ctx->state_sema);
        if (ctx->state == SPU_STATE_SAVED) {
                ret = spu_activate(ctx, 0);
                ctx->state = SPU_STATE_RUNNABLE;
        }
-       downgrade_write(&ctx->state_sema);
        if (ret)
                goto out;
 
+       downgrade_write(&ctx->state_sema);
        /* On success, we return holding the lock */
+
        return ret;
 out:
        /* Release here, to simplify calling code. */
-       up_read(&ctx->state_sema);
+       up_write(&ctx->state_sema);
 
        return ret;
 }