> I meant in this case (racing to access the same poisoned pages), the > page mapping should have been removed by and the hwpoison swap pte > installed by the winner thread? My "mutex" patch that Horiguchi-san has included his summary series should make this happen in most cases. Only problem is if the first thread runs into some error and does not complete unmapping the poison page from all other tasks. So the backup plan is to scan the page tables. >> Well, I did try a patch that removed *all* user mappings (switched CR3 to >> swapper_pgdir) and returned to user. Then have the resulting page fault >> report the address. But that didn't work very well. > Curious what didn't work well in this case? :-) Andy Lutomirski wasn't happy with the approach. It was specifically to cover the "kernel accesses poison more than once from get_user()". It doesn't generalize to the case where the user accessed the poison (because you'll just take the #PF on the instruction fetch ... everything is unmapped ... instead of on the original data access). -Tony
