On Wed, 5 May 2010, Mel Gorman wrote:
>
> If the same_vma list is properly ordered then maybe something like the
> following is allowed?

Heh. This is the same logic I just sent out. However:

> + anon_vma = page_rmapping(page);
> + if (!anon_vma)
> + return NULL;
> +
> + spin_lock(&anon_vma->lock);

RCU should guarantee that this spin_lock() is valid, but:

> + /*
> + * Get the oldest anon_vma on the list by depending on the ordering
> + * of the same_vma list setup by __page_set_anon_rmap
> + */
> + avc = list_entry(&anon_vma->head, struct anon_vma_chain, same_anon_vma);

We're not guaranteed that the 'anon_vma->head' list is non-empty.

Somebody could have freed the list and the anon_vma and we have a stale
'page->anon_vma' (that has just not been _released_ yet).

And shouldn't that be 'list_first_entry'? Or &anon_vma->head.next?

How did that line actually work for you? Or was it just a "it boots", but
no actual testing of the rmap walk?

Linus
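
Review bot: the list_entry() call on the last quoted line passes &anon_vma->head, which is the list head itself rather than a same_anon_vma node embedded in a struct anon_vma_chain, so avc is computed as an offset from the anon_vma and does not point at the oldest chain entry. Use list_first_entry(&anon_vma->head, struct anon_vma_chain, same_anon_vma), and check list_empty(&anon_vma->head) after taking anon_vma->lock so that an emptied list returns NULL before avc is dereferenced. The comment above it also names the same_vma list while the code walks same_anon_vma; one of the two should be corrected.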