memcg: fix deadlock by inverting lrucare nesting

				       struct page *page,

				       unsigned int nr_pages,

				       struct page_cgroup *pc,

				       enum charge_type ctype)

				       enum charge_type ctype,

				       bool lrucare)

{

	struct zone *uninitialized_var(zone);

	bool was_on_lru = false;

	lock_page_cgroup(pc);

	if (unlikely(PageCgroupUsed(pc))) {

		unlock_page_cgroup(pc);

	 * we don't need page_cgroup_lock about tail pages, becase they are not

	 * accessed by any other context at this point.

	 */

	/*

	 * In some cases, SwapCache and FUSE(splice_buf->radixtree), the page

	 * may already be on some other mem_cgroup's LRU.  Take care of it.

	 */

	if (lrucare) {

		zone = page_zone(page);

		spin_lock_irq(&zone->lru_lock);

		if (PageLRU(page)) {

			ClearPageLRU(page);

			del_page_from_lru_list(zone, page, page_lru(page));

			was_on_lru = true;

		}

	}

	pc->mem_cgroup = memcg;

	/*

	 * We access a page_cgroup asynchronously without lock_page_cgroup().

		break;

	}

	if (lrucare) {

		if (was_on_lru) {

			VM_BUG_ON(PageLRU(page));

			SetPageLRU(page);

			add_page_to_lru_list(zone, page, page_lru(page));

		}

		spin_unlock_irq(&zone->lru_lock);

	}

	mem_cgroup_charge_statistics(memcg, PageCgroupCache(pc), nr_pages);

	unlock_page_cgroup(pc);

	WARN_ON_ONCE(PageLRU(page));

	/*

	 * "charge_statistics" updated event counter. Then, check it.

	 * Insert ancestor (and ancestor's ancestors), to softlimit RB-tree.

	ret = __mem_cgroup_try_charge(mm, gfp_mask, nr_pages, &memcg, oom);

	if (ret == -ENOMEM)

		return ret;

	__mem_cgroup_commit_charge(memcg, page, nr_pages, pc, ctype);

	__mem_cgroup_commit_charge(memcg, page, nr_pages, pc, ctype, false);

	return 0;

}

__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *ptr,

					enum charge_type ctype);

static void

__mem_cgroup_commit_charge_lrucare(struct page *page, struct mem_cgroup *memcg,

					enum charge_type ctype)

{

	struct page_cgroup *pc = lookup_page_cgroup(page);

	struct zone *zone = page_zone(page);

	unsigned long flags;

	bool removed = false;

	/*

	 * In some case, SwapCache, FUSE(splice_buf->radixtree), the page

	 * is already on LRU. It means the page may on some other page_cgroup's

	 * LRU. Take care of it.

	 */

	spin_lock_irqsave(&zone->lru_lock, flags);

	if (PageLRU(page)) {

		del_page_from_lru_list(zone, page, page_lru(page));

		ClearPageLRU(page);

		removed = true;

	}

	__mem_cgroup_commit_charge(memcg, page, 1, pc, ctype);

	if (removed) {

		add_page_to_lru_list(zone, page, page_lru(page));

		SetPageLRU(page);

	}

	spin_unlock_irqrestore(&zone->lru_lock, flags);

	return;

}

int mem_cgroup_cache_charge(struct page *page, struct mm_struct *mm,

				gfp_t gfp_mask)

{

__mem_cgroup_commit_charge_swapin(struct page *page, struct mem_cgroup *memcg,

					enum charge_type ctype)

{

	struct page_cgroup *pc;

	if (mem_cgroup_disabled())

		return;

	if (!memcg)

		return;

	cgroup_exclude_rmdir(&memcg->css);

	__mem_cgroup_commit_charge_lrucare(page, memcg, ctype);

	pc = lookup_page_cgroup(page);

	__mem_cgroup_commit_charge(memcg, page, 1, pc, ctype, true);

	/*

	 * Now swap is on-memory. This means this page may be

	 * counted both as mem and swap....double count.

		ctype = MEM_CGROUP_CHARGE_TYPE_CACHE;

	else

		ctype = MEM_CGROUP_CHARGE_TYPE_SHMEM;

	__mem_cgroup_commit_charge(memcg, newpage, 1, pc, ctype);

	__mem_cgroup_commit_charge(memcg, newpage, 1, pc, ctype, false);

	return ret;

}

	 * the newpage may be on LRU(or pagevec for LRU) already. We lock

	 * LRU while we overwrite pc->mem_cgroup.

	 */

	__mem_cgroup_commit_charge_lrucare(newpage, memcg, type);

	__mem_cgroup_commit_charge(memcg, newpage, 1, pc, type, true);

}

#ifdef CONFIG_DEBUG_VM