On Wed, Dec 18, 2024 at 09:58:12AM -0800, Suren Baghdasaryan wrote: > And remove_vma will be just freeing the vmas. Is that correct? Yep. > I'm a bit confused because the original thinking was that > vma_mark_detached() would drop the last refcnt and if it's 0 we would > free the vma right there. If that's still what we want to do then I > think the above sequence should look like this: Right; sorry about that. So my initial objection to that extra sync was based on the reasons presented -- but having had to look at the unmap path again (my mm-foo is somewhat rusty, I've not done much the past few years) I realized that keeping a VMA alive beyond unmapping PTEs is just plain daft. So yes, back to your original semantics, but cleaned up to not need that extra sync point -- instead relying on the natural placement of vma_start_write() after unhooking from the mm. And not for reasons of the race, but for reasons of integrity -- VMA without PTEs is asking for more trouble.
