Hi Andrea,
I suspect there's race with THP in __handle_mm_fault(). It's pure
theoretical and race window is small, but..
Consider following scenario:
- THP got allocated by other thread just before "pmd_none() &&
__pte_alloc()" check, so pmd_none() is false and we don't
allocate the page table.
- But before pmd_trans_huge() check the page got unmap by
MADV_DONTNEED in other thread.
- At this point we will call pte_offset_map() for pmd which is
pmd_none().
Nothing pleasant would happen after this...
Do you see anything what would prevent this scenario?
--
Kirill A. Shutemov
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>