From: Jan Kara Subject: ocfs2: Fix possible deadlock in quota recovery Patch-mainline: 2.6.31 In ocfs2_finish_quota_recovery() we acquired global quota file lock and started recovering local quota file. During this process we need to get quota structures, which calls ocfs2_dquot_acquire() which gets global quota file lock again. This second lock can block in case some other node has requested the quota file lock in the mean time. Fix the problem by moving quota file locking down into the function where it is really needed. Then dqget() or dqput() won't be called with the lock held. Signed-off-by: Jan Kara --- fs/ocfs2/quota_local.c | 16 +++++++++------- 1 files changed, 9 insertions(+), 7 deletions(-) Index: linux-2.6.27-SLE11_BRANCH/fs/ocfs2/quota_local.c =================================================================== --- linux-2.6.27-SLE11_BRANCH.orig/fs/ocfs2/quota_local.c 2009-07-16 13:16:27.000000000 +0200 +++ linux-2.6.27-SLE11_BRANCH/fs/ocfs2/quota_local.c 2009-07-16 13:20:05.000000000 +0200 @@ -438,10 +438,6 @@ mlog_entry("ino=%lu type=%u", (unsigned long)lqinode->i_ino, type); - status = ocfs2_lock_global_qf(oinfo, 1); - if (status < 0) - goto out; - list_for_each_entry_safe(rchunk, next, &(rec->r_list[type]), rc_list) { chunk = rchunk->rc_chunk; hbh = ocfs2_bread(lqinode, ol_quota_chunk_block(sb, chunk), @@ -471,12 +467,18 @@ type); goto out_put_bh; } + status = ocfs2_lock_global_qf(oinfo, 1); + if (status < 0) { + mlog_errno(status); + goto out_put_dquot; + } + handle = ocfs2_start_trans(OCFS2_SB(sb), OCFS2_QSYNC_CREDITS); if (IS_ERR(handle)) { status = PTR_ERR(handle); mlog_errno(status); - goto out_put_dquot; + goto out_drop_lock; } mutex_lock(&sb_dqopt(sb)->dqio_mutex); spin_lock(&dq_data_lock); @@ -514,6 +516,8 @@ out_commit: mutex_unlock(&sb_dqopt(sb)->dqio_mutex); ocfs2_commit_trans(OCFS2_SB(sb), handle); +out_drop_lock: + ocfs2_unlock_global_qf(oinfo, 1); out_put_dquot: dqput(dquot); out_put_bh: 
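Review bot: The new `ocfs2_lock_global_qf(oinfo, 1)` call inside the loop has no comment saying why the lock is taken there and not at function entry, and that ordering is the whole fix. I would add above it `/* Take the global quota file lock only after dqget(): ocfs2_dquot_acquire() takes it too, and holding it across dqget()/dqput() can block against another node. */`. The same reasoning puts `out_drop_lock:` ahead of `out_put_dquot:` in the later hunk, so a short `/* drop the lock before dqput() */` at that label would keep a later cleanup reshuffle from reintroducing the hang. The lock is now taken and released once per recovered entry instead of once for the whole list, so the `ocfs2_bread()` of the local chunk and the dquot lookup run without it. Whether anything in that part relied on the global lock is not visible in these hunks and is worth confirming; the loop body and the function both start and end outside the hunks.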
@@ -528,8 +532,6 @@ if (status < 0) break; } - ocfs2_unlock_global_qf(oinfo, 1); -out: if (status < 0) free_recovery_list(&(rec->r_list[type])); mlog_exit(status);