aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Herrenschmidt <benh@kernel.crashing.org>2009-06-02 14:53:37 -0400
committerBenjamin Herrenschmidt <benh@kernel.crashing.org>2009-06-09 02:43:04 -0400
commitb46b6942b39e577fe3ef1af928cd927864011247 (patch)
tree8eea7316ac79fae34ee7fdbccc580fbac1589ff3
parent3035c8634f0538a0c6946e3191bb6c9284b63798 (diff)
powerpc/mm: Fix a AB->BA deadlock scenario with nohash MMU context lock
The MMU context_lock can be taken from switch_mm() while the rq->lock is held. The rq->lock can also be taken from interrupts, thus if we get interrupted in destroy_context() with the context lock held and that interrupt tries to take the rq->lock, there's a possible deadlock scenario with another CPU having the rq->lock and calling switch_mm() which takes our context lock. The fix is to always ensure interrupts are off when taking our context lock. The switch_mm() path is already good so this fixes the destroy_context() path. While at it, turn the context lock into a new style spinlock. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
-rw-r--r--arch/powerpc/mm/mmu_context_nohash.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c
index c42858780cbd..8343986809c0 100644
--- a/arch/powerpc/mm/mmu_context_nohash.c
+++ b/arch/powerpc/mm/mmu_context_nohash.c
@@ -46,7 +46,7 @@ static unsigned int next_context, nr_free_contexts;
46static unsigned long *context_map; 46static unsigned long *context_map;
47static unsigned long *stale_map[NR_CPUS]; 47static unsigned long *stale_map[NR_CPUS];
48static struct mm_struct **context_mm; 48static struct mm_struct **context_mm;
49static spinlock_t context_lock = SPIN_LOCK_UNLOCKED; 49static DEFINE_SPINLOCK(context_lock);
50 50
51#define CTX_MAP_SIZE \ 51#define CTX_MAP_SIZE \
52 (sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1)) 52 (sizeof(unsigned long) * (last_context / BITS_PER_LONG + 1))
@@ -276,6 +276,7 @@ int init_new_context(struct task_struct *t, struct mm_struct *mm)
276 */ 276 */
277void destroy_context(struct mm_struct *mm) 277void destroy_context(struct mm_struct *mm)
278{ 278{
279 unsigned long flags;
279 unsigned int id; 280 unsigned int id;
280 281
281 if (mm->context.id == MMU_NO_CONTEXT) 282 if (mm->context.id == MMU_NO_CONTEXT)
@@ -283,7 +284,7 @@ void destroy_context(struct mm_struct *mm)
283 284
284 WARN_ON(mm->context.active != 0); 285 WARN_ON(mm->context.active != 0);
285 286
286 spin_lock(&context_lock); 287 spin_lock_irqsave(&context_lock, flags);
287 id = mm->context.id; 288 id = mm->context.id;
288 if (id != MMU_NO_CONTEXT) { 289 if (id != MMU_NO_CONTEXT) {
289 __clear_bit(id, context_map); 290 __clear_bit(id, context_map);
@@ -294,7 +295,7 @@ void destroy_context(struct mm_struct *mm)
294 context_mm[id] = NULL; 295 context_mm[id] = NULL;
295 nr_free_contexts++; 296 nr_free_contexts++;
296 } 297 }
297 spin_unlock(&context_lock); 298 spin_unlock_irqrestore(&context_lock, flags);
298} 299}
299 300
300#ifdef CONFIG_SMP 301#ifdef CONFIG_SMP