The problem is that if you have allocated one or several kernel pages
for a vm_area_struct, you can not free them in the vm_ops->close
operation since the count field of the pages is not 0 because they are
still mapped. The count will be cleared when zap_page_range is called.
This means that exit_mmap calls vm_ops->close and zap_page_range in the
reverse order of a normal execution of the process, that is when the
process unmap the area before dying.
It would be more deterministic and simple if vm_ops->close was always
called when all the pages of the area was unmapped.
PS: please can you CC'ed the answer to stephane.tessier@netinsight.se
-- Stephane Tessier Net Insight AB stephane.tessier@netinsight.se Västberga Allé 9 http://www.netinsight.se SE-126 30 Hägersten phone:+46-8-685 04 60 Sweden fax: +46-8-685 04 20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/