From: Andrew Lewycky <Andrew.Lewycky@xxxxxxx> This patch changes the location of the mmu_notifier_invalidate_page function call inside try_to_unmap_one. The mmu_notifier_invalidate_page function call tells the IOMMU that a pgae should be invalidated. The location is changed from after releasing the physical page to before releasing the physical page. This change should prevent the bug that would occur in the (rare) case where the GPU attempts to access a page while the CPU attempts to swap out that page (or discard it if it is not dirty). Signed-off-by: Andrew Lewycky <Andrew.Lewycky@xxxxxxx> Signed-off-by: Oded Gabbay <oded.gabbay@xxxxxxx> --- mm/rmap.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/rmap.c b/mm/rmap.c index 196cd0c..73d4c3d 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1231,13 +1231,17 @@ static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma, } else dec_mm_counter(mm, MM_FILEPAGES); + pte_unmap_unlock(pte, ptl); + + mmu_notifier_invalidate_page(vma, address, event); + page_remove_rmap(page); page_cache_release(page); + return ret; + out_unmap: pte_unmap_unlock(pte, ptl); - if (ret != SWAP_FAIL && !(flags & TTU_MUNLOCK)) - mmu_notifier_invalidate_page(vma, address, event); out: return ret; -- 1.9.1 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>