On Thu, Apr 09, 2020 at 07:14:24AM -0700, Jacob Pan wrote:
> > When the process is killed, mm release can happen before fds are
> > released. If you look at do_exit() in kernel/exit.c:
> >
> > exit_mm()
> >   mmput()
> >     -> mmu release notifier
> > ...
> > exit_files()
> >   close_files()
> >     fput()
> > exit_task_work()
> >   __fput()
> >     -> unbind()
> >
> So unbind is coming anyway, the difference in handling in mmu release
> notifier is whether we silently drop DMA fault vs. reporting fault?

Userspace can significantly delay the final fput triggering the unbind,
the above is only for the trivial case where the process owning the
mm_struct is the only process holding the fd.

The destruction of a mm_struct should be treated the same as unmapping
every vma in the process. The observable effect should be no different
than munmap.

Jason
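The point above, that a task's mm can be torn down long before the last fput() on a file it opened, can be shown from user space. This is an added example, not code from the thread or the kernel: a pipe stands in for the SVA-bound fd, a forked child stands in for the process whose mm_struct is destroyed, and the parent is the second holder that delays the final release. It assumes Linux/POSIX fork(), pipe() and fcntl().

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the pipe's write end is still referenced after the child
 * that shared it has fully exited (no EOF seen by the reader), and only
 * reaches EOF once the remaining holder closes it; 0 or -1 otherwise. */
int fd_outlives_process(void)
{
    int p[2];
    char c;
    ssize_t n;

    if (pipe(p) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: exits at once. Its mm is released in exit_mm(), but the
         * file behind p[1] is not released: the parent still holds it. */
        _exit(0);
    }

    /* Wait until the child is completely gone (mm already torn down). */
    waitpid(pid, NULL, 0);

    /* Non-blocking read: EAGAIN means "no data, but writers still exist",
     * i.e. the child's exit did not trigger the final fput. */
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    n = read(p[0], &c, 1);
    int still_open = (n < 0 && errno == EAGAIN);

    /* Dropping the last reference is what finally releases the file. */
    close(p[1]);
    n = read(p[0], &c, 1);
    int eof_after_last_close = (n == 0);

    close(p[0]);
    return still_open && eof_after_last_close;
}

int main(void)
{
    printf("fd outlives exiting process: %d\n", fd_outlives_process());
    return 0;
}
```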