From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from bombadil.infradead.org ([198.137.202.133]:33610 "EHLO
        bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727595AbeJ0DQn (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Fri, 26 Oct 2018 23:16:43 -0400
Date: Fri, 26 Oct 2018 11:38:33 -0700
From: Matthew Wilcox <willy@infradead.org>
To: Bart Van Assche <bvanassche@acm.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel@vger.kernel.org,
        Johannes Berg <johannes.berg@intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@redhat.com>, Theodore Ts'o <tytso@mit.edu>
Subject: Re: [PATCH RFC] kernel/locking, fs/direct-io: Introduce and use
 down_write_nolockdep()
Message-ID: <20181026183833.GU25444@bombadil.infradead.org>
References: <20181026164905.214474-1-bvanassche@acm.org>
 <20181026174352.GT25444@bombadil.infradead.org>
 <1540577478.66186.108.camel@acm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1540577478.66186.108.camel@acm.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Fri, Oct 26, 2018 at 11:11:18AM -0700, Bart Van Assche wrote:
> On Fri, 2018-10-26 at 10:43 -0700, Matthew Wilcox wrote:
> > On Fri, Oct 26, 2018 at 09:49:05AM -0700, Bart Van Assche wrote:
> > > diff --git a/mm/rmap.c b/mm/rmap.c
> > > index 1e79fac3186b..2a953d3b7431 100644
> > > --- a/mm/rmap.c
> > > +++ b/mm/rmap.c
> > > @@ -81,6 +81,7 @@ static inline struct anon_vma *anon_vma_alloc(void)
> > >  
> > >  	anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL);
> > >  	if (anon_vma) {
> > > +		init_rwsem(&anon_vma->rwsem);
> > >  		atomic_set(&anon_vma->refcount, 1);
> > >  		anon_vma->degree = 1;	/* Reference for first vma */
> > >  		anon_vma->parent = anon_vma;
> > 
> > Why is this needed?  The anon_vma_ctor() already calls init_rwsem().
> > 
> > (I suspect this is one of those ctors that isn't actually useful and
> > should be inlined into anon_vma_alloc())
> 
> Without that call I noticed that the "nolockdep" variable was sometimes set
> when down_write() got called. Does that mean that it can happen that an
> anon_vma structure is freed without releasing anon_vma->rwsem?

How strange.  The only call to down_write_nolockdep() you added (in this
patch) was for the inode->i_mutex.  So how could that possibly affect
the anon_vma->rwsem?  Are you seeing some kind of corruption here?

Maybe try initialising ->nolockdep with some 32-bit magic value,
and reporting if it's not 0 or the magic value will lead to some kind
of insight?