mm: swapoff: shmem_unuse() stop eviction without igrab()

	struct list_head	swaplist;	/* chain of maybes on swap */

	struct shared_policy	policy;		/* NUMA memory alloc policy */

	struct simple_xattrs	xattrs;		/* list of xattrs */

	atomic_t		stop_eviction;	/* hold when working on inode */

	struct inode		vfs_inode;

};

			}

			spin_unlock(&sbinfo->shrinklist_lock);

		}

		if (!list_empty(&info->swaplist)) {

		while (!list_empty(&info->swaplist)) {

			/* Wait while shmem_unuse() is scanning this inode... */

			wait_var_event(&info->stop_eviction,

				       !atomic_read(&info->stop_eviction));

			mutex_lock(&shmem_swaplist_mutex);

			/* ...but beware of the race if we peeked too early */

			if (!atomic_read(&info->stop_eviction))

				list_del_init(&info->swaplist);

			mutex_unlock(&shmem_swaplist_mutex);

		}

		unsigned long *fs_pages_to_unuse)

{

	struct shmem_inode_info *info, *next;

	struct inode *inode;

	struct inode *prev_inode = NULL;

	int error = 0;

	if (list_empty(&shmem_swaplist))

		return 0;

	mutex_lock(&shmem_swaplist_mutex);

	/*

	 * The extra refcount on the inode is necessary to safely dereference

	 * p->next after re-acquiring the lock. New shmem inodes with swap

	 * get added to the end of the list and we will scan them all.

	 */

	list_for_each_entry_safe(info, next, &shmem_swaplist, swaplist) {

		if (!info->swapped) {

			list_del_init(&info->swaplist);

			continue;

		}

		inode = igrab(&info->vfs_inode);

		if (!inode)

			continue;

		/*

		 * Drop the swaplist mutex while searching the inode for swap;

		 * but before doing so, make sure shmem_evict_inode() will not

		 * remove placeholder inode from swaplist, nor let it be freed

		 * (igrab() would protect from unlink, but not from unmount).

		 */

		atomic_inc(&info->stop_eviction);

		mutex_unlock(&shmem_swaplist_mutex);

		if (prev_inode)

			iput(prev_inode);

		prev_inode = inode;

		error = shmem_unuse_inode(inode, type, frontswap,

		error = shmem_unuse_inode(&info->vfs_inode, type, frontswap,

					  fs_pages_to_unuse);

		cond_resched();

		next = list_next_entry(info, swaplist);

		if (!info->swapped)

			list_del_init(&info->swaplist);

		if (atomic_dec_and_test(&info->stop_eviction))

			wake_up_var(&info->stop_eviction);

		if (error)

			break;

	}

	mutex_unlock(&shmem_swaplist_mutex);

	if (prev_inode)

		iput(prev_inode);

	return error;

}

		info = SHMEM_I(inode);

		memset(info, 0, (char *)inode - (char *)info);

		spin_lock_init(&info->lock);

		atomic_set(&info->stop_eviction, 0);

		info->seals = F_SEAL_SEAL;

		info->flags = flags & VM_NORESERVE;

		INIT_LIST_HEAD(&info->shrinklist);

	 * Under global memory pressure, swap entries can be reinserted back

	 * into process space after the mmlist loop above passes over them.

	 *

	 * Limit the number of retries? No: when shmem_unuse()'s igrab() fails,

	 * a shmem inode using swap is being evicted; and when mmget_not_zero()

	 * above fails, that mm is likely to be freeing swap from exit_mmap().

	 * Both proceed at their own independent pace: we could move them to

	 * separate lists, and wait for those lists to be emptied; but it's

	 * easier and more robust (though cpu-intensive) just to keep retrying.

	 * Limit the number of retries? No: when mmget_not_zero() above fails,

	 * that mm is likely to be freeing swap from exit_mmap(), which proceeds

	 * at its own independent pace; and even shmem_writepage() could have

	 * been preempted after get_swap_page(), temporarily hiding that swap.

	 * It's easy and robust (though cpu-intensive) just to keep retrying.

	 */

	if (si->inuse_pages) {

		if (!signal_pending(current))