On Thu, Aug 12, 2021 at 12:57:58PM +0100, David Howells wrote: I'm not quite sure why we need the refcount. > + refcount_set(&ki->ki_refcnt, 2); > + init_sync_kiocb(&ki->iocb, swap_file); > + ki->page = page; > + ki->iocb.ki_flags = IOCB_DIRECT | IOCB_SWAP; > + ki->iocb.ki_pos = page_file_offset(page); > + ki->iocb.ki_filp = get_file(swap_file); > + if (!synchronous) > + ki->iocb.ki_complete = swapfile_read_complete; > + > + iov_iter_bvec(&to, READ, &bv, 1, PAGE_SIZE); > + ret = swap_file->f_mapping->a_ops->direct_IO(&ki->iocb, &to); After submitting the IO here ... > + if (ret != -EIOCBQUEUED) > + swapfile_read_complete(&ki->iocb, ret, 0); We only touch the 'ki' here ... if the caller didn't call read_complete > + swapfile_put_kiocb(ki); Except for here, which is only touched in order to put the refcount. So why can't swapfile_read_complete() do the work of freeing the ki?
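Review bot: `refcount_set(&ki->ki_refcnt, 2)` at the top of the quoted hunk has no comment naming the two holders, and after `direct_IO()` returns the submitter only uses `ki` to call `swapfile_read_complete()` when `ret != -EIOCBQUEUED` and then to call `swapfile_put_kiocb(ki)`. If the submitter never reads `ki` after a queued submission, a single owner is simpler and leaves less room for a use-after-free or a leak: let the completion handler free `ki` and drop the count. If the second reference is really needed, add a comment at the `refcount_set()` saying which path drops each one. Separately, `get_file(swap_file)` takes a file reference whose release is not visible in these lines. It should be dropped on the same path that frees `ki`, so that the file reference neither leaks nor is released while a queued read is still in flight.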