On Mon, Feb 28, 2011 at 03:18:47PM +0100, Peter Zijlstra wrote:
> On Mon, 2011-02-28 at 12:44 +0100, Peter Zijlstra wrote:
> > unmap_region()
> >   tlb_gather_mmu()
> >   unmap_vmas()
> >     for (; vma; vma = vma->vm_next)
> >       unmap_page_range()
> >         tlb_start_vma() -> flush cache range
>
> So why is this correct? Can't we race with a concurrent access to the
> memory region (munmap() vs other thread access race)? While
> unmap_region() callers will have removed the vma from the tree so faults
> will not be satisfied, TLBs might still be present and allow us to
> access the memory and thereby reload it in the cache.

It is my understanding that code sections between tlb_gather_mmu() and
tlb_finish_mmu() are non-preemptible - that was the case once upon a
time when this stuff first appeared.

If that's changed then that change has introduced an unnoticed bug.

--
Russell King
 Linux kernel    2.6 ARM Linux   - http://www.arm.linux.org.uk/
 maintainer of: