git.kernelconcepts.de Git - karo-tx-linux.git/commit

author	Thomas Betker <thomas.betker@freenet.de>
	Wed, 17 Oct 2012 20:59:30 +0000 (22:59 +0200)
committer	Ben Hutchings <ben@decadent.org.uk>
	Thu, 6 Dec 2012 11:20:22 +0000 (11:20 +0000)
commit	e3bb00e3b611c48b83730c880d8406c35de5bb4b
tree	84d94ce7a104e7fc3c5a595b37b59e5eba4fe23d	tree \| snapshot
parent	c714d5ebaa83ad49965b17b5aa8c8e732b27b60d	commit \| diff

jffs2: Fix lock acquisition order bug in jffs2_write_begin

commit 5ffd3412ae5536a4c57469cb8ea31887121dcb2e upstream.

jffs2_write_begin() first acquires the page lock, then f->sem. This
causes an AB-BA deadlock with jffs2_garbage_collect_live(), which first
acquires f->sem, then the page lock:

jffs2_garbage_collect_live
    mutex_lock(&f->sem)                         (A)
    jffs2_garbage_collect_dnode
        jffs2_gc_fetch_page
            read_cache_page_async
                do_read_cache_page
                    lock_page(page)             (B)

jffs2_write_begin
    grab_cache_page_write_begin
        find_lock_page
            lock_page(page)                     (B)
    mutex_lock(&f->sem)                         (A)

We fix this by restructuring jffs2_write_begin() to take f->sem before
the page lock. However, we make sure that f->sem is not held when
calling jffs2_reserve_space(), as this is not permitted by the locking
rules.

The deadlock above was observed multiple times on an SoC with a dual
ARMv7 (Cortex-A9), running the long-term 3.4.11 kernel; it occurred
when using scp to copy files from a host system to the ARM target
system. The fix was heavily tested on the same target system.

Signed-off-by: Thomas Betker <thomas.betker@rohde-schwarz.com>
Acked-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
[bwh: Backported to 3.2:
- Adjust context
- Use D1(printk(KERN_DEBUG ...)) instead of jffs2_dbg(1, ...)]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>