On Tue, 27 Apr 2010 09:07:06 +0900 KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> wrote: > On Mon, 26 Apr 2010 23:37:58 +0100 > Mel Gorman <mel@xxxxxxxxx> wrote: > > > vma_adjust() is updating anon VMA information without any locks taken. > > In contrast, file-backed mappings use the i_mmap_lock and this lack of > > locking can result in races with page migration. During rmap_walk(), > > vma_address() can return -EFAULT for an address that will soon be valid. > > This leaves a dangling migration PTE behind which can later cause a BUG_ON > > to trigger when the page is faulted in. > > > > With the recent anon_vma changes, there can be more than one anon_vma->lock > > that can be taken in a anon_vma_chain but a second lock cannot be spinned > > upon in case of deadlock. Instead, the rmap walker tries to take locks of > > different anon_vma's. If the attempt fails, the operation is restarted. > > > > Signed-off-by: Mel Gorman <mel@xxxxxxxxx> > > Ok, acquiring vma->anon_vma->spin_lock always sounds very safe. > (but slow.) > > I'll test this, too. > > Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@xxxxxxxxxxxxxx> > Sorry. reproduced. It seems the same bug before patch. mapcount 1 -> unmap -> remap -> mapcount 0. And it was SwapCache. Thanks, -Kame -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxxx For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>