Re: [BUG 3.0.0-rc1] ksm: NULL pointer dereference in ksm_do_scan()

* Andrea Righi (andrea@xxxxxxxxxxxxxxx) wrote:
> The bug can be easily reproduced using the following testcase:

Thanks for the testcase.

> ========================
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> #include <sys/mman.h>
> 
> #define BUFSIZE getpagesize()
> 
> int main(int argc, char **argv)
> {
> 	void *ptr;
> 	int err;
> 
> 	/* posix_memalign() returns the error number directly and does not set errno */
> 	err = posix_memalign(&ptr, getpagesize(), BUFSIZE);
> 	if (err != 0) {
> 		fprintf(stderr, "posix_memalign: %s\n", strerror(err));
> 		exit(1);
> 	}
> 	/* register the page with KSM so this task gets an mm_slot on the scan list */
> 	if (madvise(ptr, BUFSIZE, MADV_MERGEABLE) < 0) {
> 		perror("madvise");
> 		exit(1);
> 	}
> 	/* deliberate NULL write: the segfault kills the task while it is still registered with KSM */
> 	*(char *)NULL = 0;
> 
> 	return 0;
> }
> ========================
> 
> It seems that when a task segfaults mm_slot->mm becomes NULL, but it's
> still wrongly considered by the ksm scan. Is there a race with
> __ksm_exit()?

Hmm, wonder if khugepaged has the same issue too.  We should be holding
a reference to ->mm, but we seem to have inconsistent serialization w/
mmap_sem.  Hugh mentioned some of these concerns when introducing
ksm_exit.
