diff options
author | Jack Steiner <steiner@sgi.com> | 2009-06-17 16:28:33 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-18 13:04:04 -0700 |
commit | 1926ee85a903d189c5702eed6531be321e33eb47 (patch) | |
tree | 1ae951591d3be09b86479800e2a4f03f119f4d78 /drivers/misc/sgi-gru/gru.h | |
parent | b1b19fcfa417cf62447413d6e8b9b6598adf00b9 (diff) | |
download | kernel_samsung_smdk4412-1926ee85a903d189c5702eed6531be321e33eb47.zip kernel_samsung_smdk4412-1926ee85a903d189c5702eed6531be321e33eb47.tar.gz kernel_samsung_smdk4412-1926ee85a903d189c5702eed6531be321e33eb47.tar.bz2 |
gru: fix potential use-after-free when purging GRU tlbs
Fix potential SGI GRU bug that could cause a use-after-free. If one
thread in a task is flushing the GRU and another thread destroys the GRU
context, there is the potential to access a table after it has been freed.
Copy the gms pointer to a local variable before unlocking the gts table.
Note that no refcnt is needed for the gms - the reference is held
indirectly by the task's mm_struct.
Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/misc/sgi-gru/gru.h')
0 files changed, 0 insertions, 0 deletions