[PATCH RESEND] jffs2: Fix lock acquisition order bug in jffs2_write_begin
Joakim Tjernlund
joakim.tjernlund at transmode.se
Wed Oct 10 02:58:06 EDT 2012
>
> jffs2_write_begin() first acquires the page lock, then f->sem. This causes an AB-BA deadlock with jffs2_garbage_collect_live(), which first acquires f->sem, then the page lock:
>
> jffs2_garbage_collect_live
>   mutex_lock(&f->sem)                 (A)
>   jffs2_garbage_collect_dnode
>     jffs2_gc_fetch_page
>       read_cache_page_async
>         do_read_cache_page
>           lock_page(page)             (B)
>
> jffs2_write_begin
>   grab_cache_page_write_begin
>     find_lock_page
>       lock_page(page)                 (B)
>   mutex_lock(&f->sem)                 (A)
>
> We fix this by restructuring jffs2_write_begin() to take f->sem before the page lock. However, we make sure that f->sem is not held when calling jffs2_reserve_space(), as this is not permitted by the locking rules.
>
> The deadlock above was observed multiple times on an SoC with a dual ARMv7 (Cortex-A9), running the long-term 3.4.11 kernel; it occurred when using scp to copy files from a host system to the ARM target system. The fix was heavily tested on the same target system.
>
> If the patch is accepted, please also get it pushed to 3.4; it applies cleanly both to linux-mtd.git and the current linux-3.4 tree.
>
> Cc: Joakim Tjernlund <Joakim.Tjernlund at transmode.se>
> Signed-off-by: Thomas Betker <thomas.betker at rohde-schwarz.com>
Acked-by: Joakim Tjernlund <Joakim.Tjernlund at transmode.se>
David, are you happy with this?
Jocke
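The AB-BA inversion described in the quoted commit message is easiest to see with a lock-order graph of the kind lockdep keeps. The following is an added example, not code from the patch or from the kernel: a toy checker that records which lock was taken while which other lock was held and flags an acquisition that would make that graph cyclic. The two lock identifiers, the three modelled code paths (GC, old write_begin, fixed write_begin) and where exactly f->sem is dropped around jffs2_reserve_space() are assumptions taken only from the commit message, not a transcription of the jffs2 source.

```c
/* Added example: toy lockdep-style order checker. Not jffs2 or kernel code;
 * lock names and path models are assumptions drawn from the commit message. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8
#define MAX_HELD  8

enum { LOCK_F_SEM = 0, LOCK_PAGE = 1 };
static const char *lock_name[MAX_LOCKS] = { "f->sem", "page lock" };

/* edge[a][b] is set once some task took lock b while holding lock a. */
struct order_graph { bool edge[MAX_LOCKS][MAX_LOCKS]; };

/* Per-task list of currently held locks, oldest first. */
struct task { int held[MAX_HELD]; int nheld; };

static bool reachable(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int i = 0; i < MAX_LOCKS; i++)
        if (g->edge[from][i] && !seen[i] && reachable(g, i, to, seen))
            return true;
    return false;
}

/* Task t takes lock l. Returns true if the graph already orders l before
 * some held lock h: recording "h before l" would close a cycle (AB-BA). */
static bool acquire(struct order_graph *g, struct task *t, int l)
{
    bool inversion = false;

    for (int i = 0; i < t->nheld; i++) {
        int h = t->held[i];
        bool seen[MAX_LOCKS] = { false };

        if (reachable(g, l, h, seen)) {
            fprintf(stderr, "inversion: %s taken under %s, but %s was earlier taken under %s\n",
                    lock_name[l], lock_name[h], lock_name[h], lock_name[l]);
            inversion = true;
        }
        g->edge[h][l] = true;
    }
    if (t->nheld < MAX_HELD)
        t->held[t->nheld++] = l;
    return inversion;
}

static void release(struct task *t, int l)
{
    for (int i = 0; i < t->nheld; i++) {
        if (t->held[i] == l) {
            memmove(&t->held[i], &t->held[i + 1],
                    (size_t)(t->nheld - i - 1) * sizeof t->held[0]);
            t->nheld--;
            return;
        }
    }
}

static bool holds(const struct task *t, int l)
{
    for (int i = 0; i < t->nheld; i++)
        if (t->held[i] == l)
            return true;
    return false;
}

/* Model of jffs2_garbage_collect_live: f->sem (A), then the page lock (B). */
static bool gc_path(struct order_graph *g)
{
    struct task t = { .nheld = 0 };
    bool bad = acquire(g, &t, LOCK_F_SEM);
    bad |= acquire(g, &t, LOCK_PAGE);
    release(&t, LOCK_PAGE);
    release(&t, LOCK_F_SEM);
    return bad;
}

/* Model of the old jffs2_write_begin: page lock (B), then f->sem (A). */
static bool write_begin_old(struct order_graph *g)
{
    struct task t = { .nheld = 0 };
    bool bad = acquire(g, &t, LOCK_PAGE);
    bad |= acquire(g, &t, LOCK_F_SEM);
    release(&t, LOCK_F_SEM);
    release(&t, LOCK_PAGE);
    return bad;
}

/* Model of the fixed write_begin as the message describes it: f->sem is not
 * held across the reserve_space() call, and is taken before the page lock.
 * The placement of the drop/retake is an assumption for this example. */
static bool write_begin_fixed(struct order_graph *g)
{
    struct task t = { .nheld = 0 };
    bool bad = acquire(g, &t, LOCK_F_SEM);
    release(&t, LOCK_F_SEM);
    bad |= holds(&t, LOCK_F_SEM);       /* the locking rule at reserve_space() */
    bad |= acquire(g, &t, LOCK_F_SEM);
    bad |= acquire(g, &t, LOCK_PAGE);
    release(&t, LOCK_PAGE);
    release(&t, LOCK_F_SEM);
    return bad;
}

/* GC path then a write_begin model through one shared graph; true on conflict. */
static bool paths_conflict(bool (*write_begin)(struct order_graph *))
{
    struct order_graph g;
    memset(&g, 0, sizeof g);
    bool bad = gc_path(&g);
    bad |= write_begin(&g);
    return bad;
}

int main(void)
{
    printf("old write_begin vs GC:   %s\n", paths_conflict(write_begin_old) ? "INVERSION" : "ok");
    printf("fixed write_begin vs GC: %s\n", paths_conflict(write_begin_fixed) ? "INVERSION" : "ok");
    return 0;
}
```

The checker only needs one run of each path to see the problem, which is also why the real deadlock could hide for a long time: the inversion exists whenever both orders are used anywhere, whether or not the two tasks ever collide at runtime. The holds() check at the reserve_space() point is the kind of assertion that turns a locking rule from a comment into something a test run enforces.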