zcache: fix deadlock condition
Dan Magenheimer [Wed, 25 Jan 2012 22:32:51 +0000 (14:32 -0800)]
I discovered this deadlock condition awhile ago working on RAMster
but it affects zcache as well.  The list spinlock must be
locked prior to the page spinlock and released after.  As
a result, the page copy must also be done while the locks are held.

Applies to 3.2.  Konrad, please push (via GregKH?)...
this is definitely a bug fix so need not be pushed during
a -rc0 window.

Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

drivers/staging/zcache/zcache-main.c

index 642840c..ae0ed82 100644 (file)
@@ -358,8 +358,8 @@ static struct zbud_hdr *zbud_create(uint16_t client_id, uint16_t pool_id,
        if (unlikely(zbpg == NULL))
                goto out;
        /* ok, have a page, now compress the data before taking locks */
-       spin_lock(&zbpg->lock);
        spin_lock(&zbud_budlists_spinlock);
+       spin_lock(&zbpg->lock);
        list_add_tail(&zbpg->bud_list, &zbud_unbuddied[nchunks].list);
        zbud_unbuddied[nchunks].count++;
        zh = &zbpg->buddy[0];
@@ -389,12 +389,11 @@ init_zh:
        zh->oid = *oid;
        zh->pool_id = pool_id;
        zh->client_id = client_id;
-       /* can wait to copy the data until the list locks are dropped */
-       spin_unlock(&zbud_budlists_spinlock);
-
        to = zbud_data(zh, size);
        memcpy(to, cdata, size);
        spin_unlock(&zbpg->lock);
+       spin_unlock(&zbud_budlists_spinlock);
+
        zbud_cumul_chunk_counts[nchunks]++;
        atomic_inc(&zcache_zbud_curr_zpages);
        zcache_zbud_cumul_zpages++;