Adding two elements to the full svm queue passes exact
bounds check, therefore tail gets overwritten w/o any
waiting. Fix it with requiring at lease two free slots.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I704ee606c47b523952cb965f848339ae1988cb60
else
svm_queue_lock (q);
- if (PREDICT_FALSE (q->cursize + 1 == q->maxsize))
+ if (PREDICT_FALSE (q->cursize + 1 >= q->maxsize))
{
if (nowait)
{
svm_queue_unlock (q);
return (-2);
}
- while (q->cursize + 1 == q->maxsize)
+ while (q->cursize + 1 >= q->maxsize)
svm_queue_wait_inline (q);
}