[PATCH] spufs: fix module refcount race

One of the two users of spufs_calls.owner still has a race
when calling try_module_get while the module is removed.
This makes it use the correct instance of owner.

Noticed by Milton Miller.

Signed-off-by: Arnd Bergmann <arndb@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

diff --git a/arch/powerpc/platforms/cell/spu_syscalls.c b/arch/powerpc/platforms/cell/spu_syscalls.c
index 91d564df944e0383d270e2ca10158cbd71ddc152..261b507a901afb1f389f51186063a9dcc2156c48 100644 (file)
--- a/arch/powerpc/platforms/cell/spu_syscalls.c
+++ b/arch/powerpc/platforms/cell/spu_syscalls.c
@@ -40,7 +40,7 @@ asmlinkage long sys_spu_create(const char __user *name,
        struct module *owner = spufs_calls.owner;
 
        ret = -ENOSYS;
-       if (owner && try_module_get(spufs_calls.owner)) {
+       if (owner && try_module_get(owner)) {
                ret = spufs_calls.create_thread(name, flags, mode);
                module_put(owner);
        }