Commit cfbc6a92 authored by Andrea Righi's avatar Andrea Righi Committed by Greg Kroah-Hartman

staging: zcache: avoid AB-BA deadlock condition

Commit 9256a478 fixed a deadlock condition, being sure that the buddy
list spinlock is always taken before the page spinlock.

However in zbud_free_and_delist() locking order is the opposite
(page lock -> list lock).

Possible unsafe locking scenario (reported by lockdep):

        CPU0                    CPU1
        ----                    ----
   lock(&(&zbpg->lock)->rlock);
                                lock(zbud_budlists_spinlock);
                                lock(&(&zbpg->lock)->rlock);
   lock(zbud_budlists_spinlock);

Fix by grabbing the locks in opposite order in zbud_free_and_delist().
Signed-off-by: default avatarAndrea Righi <andrea@betterlinux.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent fc7e2a57
...@@ -333,10 +333,12 @@ static void zbud_free_and_delist(struct zbud_hdr *zh) ...@@ -333,10 +333,12 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
struct zbud_page *zbpg = struct zbud_page *zbpg =
container_of(zh, struct zbud_page, buddy[budnum]); container_of(zh, struct zbud_page, buddy[budnum]);
spin_lock(&zbud_budlists_spinlock);
spin_lock(&zbpg->lock); spin_lock(&zbpg->lock);
if (list_empty(&zbpg->bud_list)) { if (list_empty(&zbpg->bud_list)) {
/* ignore zombie page... see zbud_evict_pages() */ /* ignore zombie page... see zbud_evict_pages() */
spin_unlock(&zbpg->lock); spin_unlock(&zbpg->lock);
spin_unlock(&zbud_budlists_spinlock);
return; return;
} }
size = zbud_free(zh); size = zbud_free(zh);
...@@ -344,7 +346,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh) ...@@ -344,7 +346,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
zh_other = &zbpg->buddy[(budnum == 0) ? 1 : 0]; zh_other = &zbpg->buddy[(budnum == 0) ? 1 : 0];
if (zh_other->size == 0) { /* was unbuddied: unlist and free */ if (zh_other->size == 0) { /* was unbuddied: unlist and free */
chunks = zbud_size_to_chunks(size) ; chunks = zbud_size_to_chunks(size) ;
spin_lock(&zbud_budlists_spinlock);
BUG_ON(list_empty(&zbud_unbuddied[chunks].list)); BUG_ON(list_empty(&zbud_unbuddied[chunks].list));
list_del_init(&zbpg->bud_list); list_del_init(&zbpg->bud_list);
zbud_unbuddied[chunks].count--; zbud_unbuddied[chunks].count--;
...@@ -352,7 +353,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh) ...@@ -352,7 +353,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
zbud_free_raw_page(zbpg); zbud_free_raw_page(zbpg);
} else { /* was buddied: move remaining buddy to unbuddied list */ } else { /* was buddied: move remaining buddy to unbuddied list */
chunks = zbud_size_to_chunks(zh_other->size) ; chunks = zbud_size_to_chunks(zh_other->size) ;
spin_lock(&zbud_budlists_spinlock);
list_del_init(&zbpg->bud_list); list_del_init(&zbpg->bud_list);
zcache_zbud_buddied_count--; zcache_zbud_buddied_count--;
list_add_tail(&zbpg->bud_list, &zbud_unbuddied[chunks].list); list_add_tail(&zbpg->bud_list, &zbud_unbuddied[chunks].list);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment