Hi,

In do_anonymous_page(), a new page is allocated and zeroed, and the corresponding page struct is initialised (setting flags PageUptodate, PageSwapBacked, etc. and initialising the various counters). Then set_pte_at() is called directly, without calling smp_wmb() to make the updates above visible on other CPUs.

This could race with a page table walker. The walker can read the new pte and try to access the page struct or the page content before the changes above were made visible.

The reason I thought about this is the comment in pmd_install(), which describes exactly the same situation, so I wondered why the same thing is not considered in do_anonymous_page().

I may well be missing something, but I would love to hear your comments.

Cheers,
Karim
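The ordering the question is about, shown as a userspace analogue written with C11 atomics and pthreads rather than kernel code (an added example, not code from the mail or from the kernel): the writer fills a descriptor and the page contents, then publishes the "pte"; a release fence stands in for smp_wmb() and an acquire load stands in for the walker's side (the address dependency or smp_rmb() a real walker relies on). Every name prefixed `toy_` is invented for the example.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Toy stand-in for struct page: flags, a refcount and the page contents,
 * all plain (non-atomic) data written by the allocating CPU before the
 * PTE is published. */
struct toy_page {
    unsigned long flags;
    int refcount;
    unsigned char data[64];
};

#define TOY_PG_UPTODATE   (1UL << 0)
#define TOY_PG_SWAPBACKED (1UL << 1)

/* Toy PTE: NULL means "not present", otherwise it points at the page. */
static _Atomic(struct toy_page *) toy_pte;

/* Stand-in for do_anonymous_page(): zero the page, initialise the
 * descriptor, then publish. The release fence plays the role of
 * smp_wmb(); without it the relaxed store below would be free to become
 * visible before the descriptor writes. */
static void toy_do_anonymous_page(struct toy_page *page)
{
    memset(page->data, 0, sizeof page->data);          /* zeroed page */
    page->flags = TOY_PG_UPTODATE | TOY_PG_SWAPBACKED; /* descriptor init */
    page->refcount = 1;
    atomic_thread_fence(memory_order_release);         /* smp_wmb() */
    atomic_store_explicit(&toy_pte, page, memory_order_relaxed); /* set_pte_at() */
}

/* Stand-in for a page-table walker. The acquire load pairs with the
 * writer's release fence, so once a non-NULL PTE is observed every
 * descriptor field and every byte of the page must already be visible.
 * Returns true when everything it sees is consistent. */
static bool toy_walk_and_check(void)
{
    struct toy_page *page;
    while ((page = atomic_load_explicit(&toy_pte, memory_order_acquire)) == NULL)
        ;
    bool ok = (page->flags & TOY_PG_UPTODATE) && (page->flags & TOY_PG_SWAPBACKED)
              && page->refcount == 1;
    for (size_t i = 0; i < sizeof page->data; i++)
        ok = ok && page->data[i] == 0;
    return ok;
}

struct toy_walker_arg { bool result; };

static void *toy_walker_thread(void *arg)
{
    ((struct toy_walker_arg *)arg)->result = toy_walk_and_check();
    return NULL;
}

/* One publish/walk round with a concurrent walker. Returns the number of
 * inconsistent observations: 0 when the ordering is correct. */
int toy_run_round(void)
{
    static struct toy_page page;
    memset(&page, 0xff, sizeof page);   /* stale garbage before init */
    atomic_store_explicit(&toy_pte, NULL, memory_order_relaxed);

    pthread_t tid;
    struct toy_walker_arg wa = { false };
    if (pthread_create(&tid, NULL, toy_walker_thread, &wa) != 0)
        return 1;
    toy_do_anonymous_page(&page);
    pthread_join(tid, NULL);
    return wa.result ? 0 : 1;
}

int main(void)
{
    int bad = 0;
    for (int i = 0; i < 1000; i++)
        bad += toy_run_round();
    return bad ? 1 : 0;
}
```

The pairing is the point: the release fence on the publishing side is only meaningful together with ordering on the reading side, which is exactly what the pmd_install() comment spells out for the pmd case. On strongly ordered hardware the program will pass even with the fence deleted, so an empirical run is not evidence that the barrier is unnecessary; the C11 model (and the kernel's memory model) is what licenses the reader to trust the fields it sees.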