On Mon, Feb 28, 2011 at 04:05:48PM +0100, Peter Zijlstra wrote:
> On Mon, 2011-02-28 at 14:57 +0000, Russell King wrote:
> > On Mon, Feb 28, 2011 at 03:18:47PM +0100, Peter Zijlstra wrote:
> > > On Mon, 2011-02-28 at 12:44 +0100, Peter Zijlstra wrote:
> > > > unmap_region()
> > > >   tlb_gather_mmu()
> > > >   unmap_vmas()
> > > >     for (; vma; vma = vma->vm_next)
> > > >       unmap_page_range()
> > > >         tlb_start_vma() -> flush cache range
> > >
> > > So why is this correct? Can't we race with a concurrent access to the
> > > memory region (munmap() vs other thread access race)? While
> > > unmap_region() callers will have removed the vma from the tree so faults
> > > will not be satisfied, TLBs might still be present and allow us to
> > > access the memory and thereby reloading it in the cache.
> >
> > It is my understanding that code sections between tlb_gather_mmu() and
> > tlb_finish_mmu() are non-preemptible - that was the case once upon a
> > time when this stuff first appeared.
>
> It is still so, but that doesn't help with SMP. The case mentioned above
> has two threads running, one doing munmap() and the other is poking at
> the memory being unmapped.

Luckily it's a no-op on SMP capable CPUs (and actually is also a no-op on
any PIPT or VIPT ARM CPU.)

--
Russell King
 Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
 maintainer of: