Re: [Bug 3.4.5] reiserfs: mutex_destroy called with locked mutex

From: Al Viro
Date: Wed Jul 18 2012 - 17:33:53 EST


On Wed, Jul 18, 2012 at 02:25:02PM -0700, Linus Torvalds wrote:
> On Wed, Jul 18, 2012 at 2:20 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> > On Wed, Jul 18, 2012 at 09:26:57AM -0700, Linus Torvalds wrote:
> >>
> >> So I don't think the freeing code could trigger, but a concurrent
> >> lookup then trying to look up the new directory (and taking the new
> >> directory i_semaphore lock) could happen, afaik.
> >
> > Umm... The thing is, we'd get WARN_ON() in iput_final() triggering in
> > that scenario before lockdep could complain.
>
> Not for the "look up directory in the dcache, and then lock that
> inode" case, afaik. You'd get the lock before iput_final(), no?
>
> So then "unlock_new_inode()" would run with the inode mutex held,
> which could explain the lockdep warning, no?

Umm.. Right you are, I was thinking about the "can the freeing code
actually trigger". OK; I'm still not sure this should go in before
-final, but it could be the reason behind those (false positive)
warnings from lockdep. Could probably step into something nasty
around e.g. writeback or quota, so maybe it's worth doing just in
case...

It's definitely the right thing to do wrt not giving the rest of the
VFS/VM nasty surprises - everything might work correctly with IO
coming on such still-I_NEW-and-locked inode, but that's not a case
that will be often considered when modifying code. The only questions
are "is this the WARN_ON() Knut had stepped on" (and I agree with your
scenario now) and "is it critical enough to shove it into the tree
less than a week before -final". Up to you...