staging: zcache: avoid AB-BA deadlock condition
authorAndrea Righi <andrea@betterlinux.com>
Mon, 20 Feb 2012 12:11:49 +0000 (13:11 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 24 Feb 2012 19:59:59 +0000 (11:59 -0800)
Commit 9256a47 fixed a deadlock condition, being sure that the buddy
list spinlock is always taken before the page spinlock.

However in zbud_free_and_delist() locking order is the opposite
(page lock -> list lock).

Possible unsafe locking scenario (reported by lockdep):

        CPU0                    CPU1
        ----                    ----
   lock(&(&zbpg->lock)->rlock);
                                lock(zbud_budlists_spinlock);
                                lock(&(&zbpg->lock)->rlock);
   lock(zbud_budlists_spinlock);

Fix by grabbing the locks in opposite order in zbud_free_and_delist().

Signed-off-by: Andrea Righi <andrea@betterlinux.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/zcache/zcache-main.c

index d7020b774039acc2649f812fe2230c2b549ea399..238d82095ab1747d7b286948ee00e5d625c8ae6c 100644 (file)
@@ -333,10 +333,12 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
        struct zbud_page *zbpg =
                container_of(zh, struct zbud_page, buddy[budnum]);
 
+       spin_lock(&zbud_budlists_spinlock);
        spin_lock(&zbpg->lock);
        if (list_empty(&zbpg->bud_list)) {
                /* ignore zombie page... see zbud_evict_pages() */
                spin_unlock(&zbpg->lock);
+               spin_unlock(&zbud_budlists_spinlock);
                return;
        }
        size = zbud_free(zh);
@@ -344,7 +346,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
        zh_other = &zbpg->buddy[(budnum == 0) ? 1 : 0];
        if (zh_other->size == 0) { /* was unbuddied: unlist and free */
                chunks = zbud_size_to_chunks(size) ;
-               spin_lock(&zbud_budlists_spinlock);
                BUG_ON(list_empty(&zbud_unbuddied[chunks].list));
                list_del_init(&zbpg->bud_list);
                zbud_unbuddied[chunks].count--;
@@ -352,7 +353,6 @@ static void zbud_free_and_delist(struct zbud_hdr *zh)
                zbud_free_raw_page(zbpg);
        } else { /* was buddied: move remaining buddy to unbuddied list */
                chunks = zbud_size_to_chunks(zh_other->size) ;
-               spin_lock(&zbud_budlists_spinlock);
                list_del_init(&zbpg->bud_list);
                zcache_zbud_buddied_count--;
                list_add_tail(&zbpg->bud_list, &zbud_unbuddied[chunks].list);