From: Andrea Arcangeli on
On Thu, Jul 22, 2010 at 09:16:44AM -0400, Rik van Riel wrote:
> On 07/22/2010 03:41 AM, KAMEZAWA Hiroyuki wrote:
> > Rik, what do you think?
> >
> > ==
> > From: KAMEZAWA Hiroyuki<kamezawa.hiroyu(a)>
> >
> > Problem: wrong BUG_ON() in __page_set_anon_rmap().
> > Kernel version: mmotm-0719
> > Description:
> > Even if SwapCache is fully unmapped and mapcount goes down to 0,
> > page->mapping is not cleared and will remain in memory until kswapd or some
> > finds it. If a thread causes a page fault onto such "unmapped-but-not-discarded"
> > swapcache, it will see a swap cache whose mapcount is 0 but page->mapping has a
> > valid value.
> >
> > When it's reused at do_swap_page(), __page_set_anon_rmap() is called with
> > "exclusive==1" and hits BUG_ON(). But this BUG_ON() is wrong. There is nothing
> > bad about rmapping a page whose page->mapping isn't 0.
> Yes, you are absolutely right.

I already noticed the problem when I merged your patch in aa.git
(before it would only be exclusive=0 in do_swap_page so it wasn't a
false positive), and I fixed it this way:;a=commitdiff;h=2fe4f42f0f17498984b3f86b2339d583004b45de;hp=ffd146080305632406d97c7f6f984a648854d755

So I retained the BUG_ON for the real page_add_anon_rmap. Maybe not
worth it but you can have a look at my solution if you're interested
to retain it too.
