powerpc/mm: Fix a AB->BA deadlock scenario with nohash MMU context lock
The MMU context_lock can be taken from switch_mm() while the rq->lock is held. The rq->lock can also be taken from interrupts, thus if we get interrupted in destroy_context() with the context lock held and that interrupt tries to take the rq->lock, there's a possible deadlock scenario with another CPU having the rq->lock and calling switch_mm() which takes our context lock. The fix is to always ensure interrupts are off when taking our context lock. The switch_mm() path is already good so this fixes the destroy_context() path. While at it, turn the context lock into a new style spinlock. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
This commit is contained in:
parent
3035c8634f
commit
b46b6942b3
|
@ -46,7 +46,7 @@ static unsigned int next_context, nr_free_contexts;
|
||||||
static unsigned long *context_map;
|
static unsigned long *context_map;
|
||||||
static unsigned long *stale_map[NR_CPUS];
|
static unsigned long *stale_map[NR_CPUS];
|
||||||
static struct mm_struct **context_mm;
|
static struct mm_struct **context_mm;
|
||||||
static spinlock_t context_lock = SPIN_LOCK_UNLOCKED;
|
static DEFINE_SPINLOCK(context_lock);
|
||||||
|
|
||||||
#define CTX_MAP_SIZE \
|
#define CTX_MAP_SIZE \
|
||||||
(sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1))
|
(sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1))
|
||||||
|
@ -276,6 +276,7 @@ int init_new_context(struct task_struct *t, struct mm_struct *mm)
|
||||||
*/
|
*/
|
||||||
void destroy_context(struct mm_struct *mm)
|
void destroy_context(struct mm_struct *mm)
|
||||||
{
|
{
|
||||||
|
unsigned long flags;
|
||||||
unsigned int id;
|
unsigned int id;
|
||||||
|
|
||||||
if (mm->context.id == MMU_NO_CONTEXT)
|
if (mm->context.id == MMU_NO_CONTEXT)
|
||||||
|
@ -283,7 +284,7 @@ void destroy_context(struct mm_struct *mm)
|
||||||
|
|
||||||
WARN_ON(mm->context.active != 0);
|
WARN_ON(mm->context.active != 0);
|
||||||
|
|
||||||
spin_lock(&context_lock);
|
spin_lock_irqsave(&context_lock, flags);
|
||||||
id = mm->context.id;
|
id = mm->context.id;
|
||||||
if (id != MMU_NO_CONTEXT) {
|
if (id != MMU_NO_CONTEXT) {
|
||||||
__clear_bit(id, context_map);
|
__clear_bit(id, context_map);
|
||||||
|
@ -294,7 +295,7 @@ void destroy_context(struct mm_struct *mm)
|
||||||
context_mm[id] = NULL;
|
context_mm[id] = NULL;
|
||||||
nr_free_contexts++;
|
nr_free_contexts++;
|
||||||
}
|
}
|
||||||
spin_unlock(&context_lock);
|
spin_unlock_irqrestore(&context_lock, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SMP
|
#ifdef CONFIG_SMP
|
||||||
|
|
Loading…
Reference in New Issue