On Fri, Jul 11, 2014 at 12:53:26AM +0300, Oded Gabbay wrote:
> mm/rmap.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/mm/rmap.c b/mm/rmap.c
> index 196cd0c..73d4c3d 100644
> --- a/mm/rmap.c
> +++ b/mm/rmap.c
> @@ -1231,13 +1231,17 @@ static int try_to_unmap_one(struct page *page, struct
> vm_area_struct *vma,
> } else
> dec_mm_counter(mm, MM_FILEPAGES);
>
> + pte_unmap_unlock(pte, ptl);
> +
> + mmu_notifier_invalidate_page(vma, address, event);
> +
> page_remove_rmap(page);
> page_cache_release(page);
>
> + return ret;
> +
> out_unmap:
> pte_unmap_unlock(pte, ptl);
> - if (ret != SWAP_FAIL && !(flags & TTU_MUNLOCK))
> - mmu_notifier_invalidate_page(vma, address, event);
> out:
> return ret;
I think there is no bug. In that function the page is just unmapped,
removed from the rmap (page_remove_rmap), and the LRU list
(page_cache_release). The page itself is not released in this function,
so the call mmu_notifier_invalidate_page() at the end is fine.
Joerg
