On Fri, Dec 17, 2021 at 3:34 AM David Hildenbrand <david@xxxxxxxxxx> wrote:
>
> + * If the child takes a read-only pin on such a page (i.e., FOLL_WRITE is not
> + * set) and then unmaps the target page, we have:
> + *
> + * * page has mapcount == 1 and refcount > 1
All these games with mapcount makes me think this is still broken.
mapcount has been a horribly broken thing in the past, and I'm not
convinced it's not a broken thing now.
> + vmf->page = vm_normal_page(vmf->vma, vmf->address, vmf->orig_pte);
> + if (vmf->page && PageAnon(vmf->page) && !PageKsm(vmf->page) &&
> + page_mapcount(vmf->page) > 1) {
What keeps the mapcount stable in here?
And I still believe that the whole notion that "COW should use
mapcount" is pure and utter garbage.
If we are doing a COW, we need an *exclusive* access to the page. That
is not mapcount, that is the page ref.
mapcount is insane, and I think this is making this worse again.
Linus
