Quoting Umesh Nerlige Ramappa (2020-07-30 01:48:26) > @@ -3318,12 +3354,87 @@ static int i915_perf_release(struct inode *inode, struct file *file) > i915_perf_destroy_locked(stream); > mutex_unlock(&perf->lock); > > + /* > + * User could have multiple vmas from multiple mmaps. We want to zap > + * them all here. > + */ > + unmap_mapping_range(file->f_mapping, 0, -1, 1); I'd prefer to explicitly revoke the mapping before removing the stream->oa_buffer (i.e. at the start of the release before i915_perf_destroy). That way it takes far less thought to convince oneself that there is no window for accessing the stale PTE. Include a comment to explain that a fresh fault cannot occur as the mmap holds a reference to the stream (via the vma->vm_file), and so before the user's munmap, the stream cannot be destroy. -Chris _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
