powerpc/mm: Fix a AB->BA deadlock scenario with nohash MMU context lock

The MMU context_lock can be taken from switch_mm() while the
rq->lock is held. The rq->lock can also be taken from interrupts,
thus if we get interrupted in destroy_context() with the context
lock held and that interrupt tries to take the rq->lock, there's
a possible deadlock scenario with another CPU having the rq->lock
and calling switch_mm() which takes our context lock.

The fix is to always ensure interrupts are off when taking our
context lock. The switch_mm() path is already good so this fixes
the destroy_context() path.

While at it, turn the context lock into a new style spinlock.
Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
parent 3035c863
...@@ -46,7 +46,7 @@ static unsigned int next_context, nr_free_contexts; ...@@ -46,7 +46,7 @@ static unsigned int next_context, nr_free_contexts;
static unsigned long *context_map; static unsigned long *context_map;
static unsigned long *stale_map[NR_CPUS]; static unsigned long *stale_map[NR_CPUS];
static struct mm_struct **context_mm; static struct mm_struct **context_mm;
static spinlock_t context_lock = SPIN_LOCK_UNLOCKED; static DEFINE_SPINLOCK(context_lock);
#define CTX_MAP_SIZE \ #define CTX_MAP_SIZE \
(sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1)) (sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1))
...@@ -276,6 +276,7 @@ int init_new_context(struct task_struct *t, struct mm_struct *mm) ...@@ -276,6 +276,7 @@ int init_new_context(struct task_struct *t, struct mm_struct *mm)
*/ */
void destroy_context(struct mm_struct *mm) void destroy_context(struct mm_struct *mm)
{ {
unsigned long flags;
unsigned int id; unsigned int id;
if (mm->context.id == MMU_NO_CONTEXT) if (mm->context.id == MMU_NO_CONTEXT)
...@@ -283,7 +284,7 @@ void destroy_context(struct mm_struct *mm) ...@@ -283,7 +284,7 @@ void destroy_context(struct mm_struct *mm)
WARN_ON(mm->context.active != 0); WARN_ON(mm->context.active != 0);
spin_lock(&context_lock); spin_lock_irqsave(&context_lock, flags);
id = mm->context.id; id = mm->context.id;
if (id != MMU_NO_CONTEXT) { if (id != MMU_NO_CONTEXT) {
__clear_bit(id, context_map); __clear_bit(id, context_map);
...@@ -294,7 +295,7 @@ void destroy_context(struct mm_struct *mm) ...@@ -294,7 +295,7 @@ void destroy_context(struct mm_struct *mm)
context_mm[id] = NULL; context_mm[id] = NULL;
nr_free_contexts++; nr_free_contexts++;
} }
spin_unlock(&context_lock); spin_unlock_irqrestore(&context_lock, flags);
} }
#ifdef CONFIG_SMP #ifdef CONFIG_SMP
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment