On Wed, Dec 18, 2024 at 07:50:34AM -0800, Suren Baghdasaryan wrote: > I think vma_start_write() should be done inside > vms_gather_munmap_vmas() for __mmap_prepare() to work correctly: > > __mmap_prepare > vms_gather_munmap_vmas > vms_clean_up_area // clears PTEs > ... > __mmap_complete > vms_complete_munmap_vmas I'm unsure what exactly you mean; __split_vma() will start_write on the one that is broken up and the rest won't actually change until vms_complete_munmap_vmas(). > If we do not write-lock the vmas inside vms_gather_munmap_vmas(), we > will be clearing PTEs from under a discoverable vma. You will not. vms_complete_munmap_vmas() will call remove_vma() to remove PTEs IIRC, and if you do start_write() and detach() before dropping mmap_lock_write, you should be good. > There might be other places like this too but I think we can move > vma_mark_detach() like you suggested without moving vma_start_write() > and that should be enough. I really don't see why you can't move vma_start_write() -- note that by moving that after you've unhooked the vmas from the mm (which you have by that point) you get the sync point you wanted.
