On Tue, Sep 27, 2022 at 04:07:05PM +1000, Alistair Popple wrote: > That sounds good to me at least. I just noticed we introduced this exact > bug for device private/coherent pages when making their refcounts zero > based. Nothing currently takes pgmap->ref when a private/coherent page > is mapped. Therefore memunmap_pages() will complete and pgmap destroyed > while pgmap pages are still mapped. To kind of summarize this thread Either we should get the pgmap reference during the refcount = 1 flow, and put it during page_free() Or we should have the pgmap destroy sweep all the pages and wait for them to become ref == 0 I don't think we should have pgmap references randomly strewn all over the place. A positive refcount on the page alone must be enough to prove that the struct page exists and the pgmap is not destroyed. Every driver using pgmap needs something liek this, so I'd prefer it be in the pgmap code.. Jason
