Hi!

From looking at the source code, it looks to me as if using MADV_PAGEOUT on a CoW anonymous mapping will page out the page if possible, even if other processes still have the same page mapped. Is that correct?

If so, that's probably bad in environments where many processes (with different privileges) are forked from a single zygote process (like Android and Chrome), I think? If you accidentally call it on a CoW anonymous mapping with shared pages, you'll degrade the performance of other processes. And if an attacker does it intentionally, they could use that to aid with exploiting race conditions or weird microarchitectural stuff (e.g. the new https://lviattack.eu/lvi.pdf talks about "the assumption that attackers can provoke page faults or microcode assists for (arbitrary) load operations in the victim domain").

Should madvise_cold_or_pageout_pte_range() maybe refuse to operate on pages with mapcount>1, or something like that? Or does it already do that, and I just missed the check?
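A userspace view of the "mapcount>1" condition asked about above, as an added example that is not part of the original message and is not kernel code. It assumes Linux's /proc/self/pagemap flag bits 63 (present) and 56 (exclusively mapped); the helper names `page_is_shared`, `pageout_page_if_exclusive` and `cow_demo` are hypothetical, and the fork scenario is constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef MADV_PAGEOUT
#define MADV_PAGEOUT 21            /* Linux >= 5.4 */
#endif
#define PM_PRESENT   (1ULL << 63)  /* pagemap: page is in RAM */
#define PM_EXCLUSIVE (1ULL << 56)  /* pagemap: mapped exactly once (>= 4.2) */
/* 1 = present and also mapped elsewhere, 0 = exclusive, -1 = cannot tell. */
int page_is_shared(const void *addr) {
    uint64_t ent;
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0) return -1;
    /* One 64-bit pagemap entry per virtual page, indexed by page number. */
    off_t idx = (off_t)((uintptr_t)addr / (uintptr_t)sysconf(_SC_PAGESIZE));
    ssize_t n = pread(fd, &ent, sizeof(ent), idx * (off_t)sizeof(ent));
    close(fd);
    if (n != (ssize_t)sizeof(ent) || !(ent & PM_PRESENT)) return -1;
    return (ent & PM_EXCLUSIVE) ? 0 : 1;
}

/* Caller-side guard (hypothetical helper): skip pages we do not own alone. */
int pageout_page_if_exclusive(void *page) {
    if (page_is_shared(page) != 0) return -1;   /* shared or unknown */
    return madvise(page, (size_t)sysconf(_SC_PAGESIZE), MADV_PAGEOUT);
}

/* Constructed scenario: zygote-style fork of a touched anonymous page. */
int cow_demo(int *before, int *during, int *guard) {
    int pfd[2];
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED || pipe(pfd) < 0) return -1;
    p[0] = 1;                               /* fault the page in */
    *before = page_is_shared(p);            /* only this process maps it */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                         /* child keeps the CoW mapping alive */
        char c; close(pfd[1]); _exit(read(pfd[0], &c, 1) < 0);
    }
    close(pfd[0]);
    *during = page_is_shared(p);            /* parent and child both map it */
    *guard = pageout_page_if_exclusive(p);  /* refused while shared */
    close(pfd[1]);                          /* EOF lets the child exit */
    waitpid(pid, NULL, 0); munmap(p, psz);
    return 0;
}
```

The guard only helps a well-behaved caller avoid the accidental case, and it is racy because the sharing state can change between the pagemap read and the madvise() call; it is not a substitute for a check inside the kernel.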