On Thu, Mar 22, 2018 at 10:34:08AM -0700, Yang Shi wrote:
> On 3/21/18 10:29 AM, Matthew Wilcox wrote:
> > Take the mmap_sem for write
> > Find the VMA
> > If the VMA is large(*)
> >   Mark the VMA as deleted
> >   Drop the mmap_sem
> >   zap all of the entries
> >   Take the mmap_sem
> > Else
> >   zap all of the entries
> > Continue finding VMAs
> > Drop the mmap_sem
> >
> > Now we need to change everywhere which looks up a VMA to see if it needs
> > to care that the VMA is deleted (page faults, eg will need to SIGBUS; mmap
> > does not care; munmap will need to wait for the existing munmap operation
>
> The other question is why munmap needs to wait? If the other parallel munmap
> finds the vma has been marked as "deleted", it just needs to return 0 as it
> doesn't find the vma.
>
> Currently do_munmap() does the below logic:
> 	vma = find_vma(mm, start);
> 	if (!vma)
> 		return 0;

At the point a munmap() returns, the area should be available for reuse.
If another thread is still unmapping, it won't actually be available yet.
We should wait for the other thread to finish before returning.

There may be some other corner cases; like what to do if there's a partial
unmap of a VMA, or a MAP_FIXED over part of an existing VMA.  It's going to
be safer to just wait for any conflicts to die down.  It's not like real
programs call munmap() on conflicting areas at the same time.
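As an added illustration, not part of this thread or of the kernel, the following userspace C program simulates the scheme in the pseudocode quoted above: a VMA list under one mutex standing in for mmap_sem, a "deleted" mark on a large VMA whose entries are zapped with the lock dropped, a page-fault lookup that reports SIGBUS for a deleted VMA, and a second munmap() on the same range that waits for the in-flight zap instead of returning 0 because find_vma() no longer sees a live VMA, which is the point the reply makes. The threshold LARGE_VMA_PAGES, the sleep-based zap, the 256-page sample VMA and every function name here are assumptions of the example; a partial unmap is rejected rather than handled, since the thread leaves that corner case open.

```c
#define _DEFAULT_SOURCE                 /* for usleep() */
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>

#define LARGE_VMA_PAGES 64              /* assumed threshold for "large", in pages */
enum fault_result { FAULT_OK = 0, FAULT_SIGSEGV, FAULT_SIGBUS };
struct vma { unsigned long start, end; bool deleted; struct vma *next; };   /* pages [start,end) */
struct mm {
    pthread_mutex_t sem;                /* stands in for mmap_sem (write side only) */
    pthread_cond_t zap_done;            /* broadcast when a deleted VMA is finally unlinked */
    struct vma *vmas;                   /* unsorted list */
    unsigned long zapped;               /* pages whose entries are zapped; guarded by sem */
};
#define MM_INIT { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, NULL, 0 }

/* Prepend a VMA; caller guarantees no overlap and that no other thread is running. */
static void mm_map(struct mm *mm, unsigned long start, unsigned long end)
{
    struct vma *v = malloc(sizeof *v);
    *v = (struct vma){ start, end, false, mm->vmas };
    mm->vmas = v;
}

/* Like the kernel's find_vma(): the VMA with the lowest end above addr. Caller holds sem. */
static struct vma *find_vma(struct mm *mm, unsigned long addr)
{
    struct vma *best = NULL;
    for (struct vma *v = mm->vmas; v; v = v->next)
        if (v->end > addr && (!best || v->end < best->end)) best = v;
    return best;
}

static void vma_unlink(struct mm *mm, struct vma *vma)  /* caller holds sem */
{
    struct vma **pp = &mm->vmas;
    while (*pp != vma) pp = &(*pp)->next;
    *pp = vma->next;
    free(vma);
}
/* Page fault path: an address inside a VMA marked deleted gets SIGBUS. */
static enum fault_result mm_fault(struct mm *mm, unsigned long addr)
{
    pthread_mutex_lock(&mm->sem);
    struct vma *v = find_vma(mm, addr);
    enum fault_result r = !v || v->start > addr ? FAULT_SIGSEGV : v->deleted ? FAULT_SIGBUS : FAULT_OK;
    pthread_mutex_unlock(&mm->sem);
    return r;
}

/* Whole-VMA unmaps only: a partial unmap is one of the open corner cases and is
 * rejected with -1 here. Returns 0 only once the whole range is really free. */
static int mm_munmap(struct mm *mm, unsigned long start, unsigned long end)
{
    int ret = 0;
    pthread_mutex_lock(&mm->sem);
    for (;;) {
        struct vma *vma = find_vma(mm, start);
        if (!vma || vma->start >= end) break;           /* nothing left in range */
        if (vma->deleted) {                             /* another munmap is zapping it, */
            pthread_cond_wait(&mm->zap_done, &mm->sem); /* so its pages are not free yet */
            continue;                                   /* list changed: look up again */
        }
        if (vma->start < start || vma->end > end) { ret = -1; break; }
        if (vma->end - vma->start >= LARGE_VMA_PAGES) {
            vma->deleted = true;                        /* stays findable while zapping */
            pthread_mutex_unlock(&mm->sem);
            for (unsigned long pg = vma->start; pg < vma->end; pg += 8)
                usleep(2000);                           /* simulated slow zap of the entries */
            pthread_mutex_lock(&mm->sem);
        }                                               /* a small VMA is zapped under the lock */
        mm->zapped += vma->end - vma->start;
        vma_unlink(mm, vma);
        pthread_cond_broadcast(&mm->zap_done);          /* wake any munmap waiting on it */
    }
    pthread_mutex_unlock(&mm->sem);
    return ret;
}

struct demo_result { enum fault_result fault_mid_zap; unsigned long zapped_on_return; bool vma_gone; };
static void *unmapper(void *arg) { mm_munmap(arg, 0, 256); return NULL; }
/* Thread A unmaps a 256-page VMA (constructed input); we fault into it mid-zap, then
 * munmap the same range, which must not return before A's zap has completed. */
struct demo_result run_demo(void)
{
    struct mm mm = MM_INIT; pthread_t t;
    struct demo_result r = { FAULT_OK, 0, false };
    mm_map(&mm, 0, 256);
    pthread_create(&t, NULL, unmapper, &mm);
    do { r.fault_mid_zap = mm_fault(&mm, 10); usleep(100); }   /* until A has marked it */
    while (r.fault_mid_zap == FAULT_OK);
    mm_munmap(&mm, 0, 256);                             /* waits, rather than returning 0 early */
    pthread_mutex_lock(&mm.sem);
    r.zapped_on_return = mm.zapped;
    r.vma_gone = find_vma(&mm, 0) == NULL;
    pthread_mutex_unlock(&mm.sem);
    pthread_join(t, NULL);
    return r;
}
```

Calling run_demo() from a main() exercises the race: the fault taken while the first unmapper has the lock dropped sees the deleted mark and reports SIGBUS, and the second munmap() only returns after all 256 pages have been zapped and the VMA is gone, so the range really is reusable at that point. Dropping the cond_wait and returning 0 on a deleted VMA, as the quoted suggestion proposes, would let the second caller reuse an address range whose old entries are still being torn down.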