On Tue, Aug 14, 2012 at 10:31:09PM +0300, Michael S. Tsirkin wrote:
> > > now CPU1 executes the next instruction:
> > >
> > > }
> > >
> > > which would normally return to function's caller,
> > > but it has been overwritten by CPU2 so we get corruption.
> > >
> > > No?
> >
> > At the point CPU2 is unloading the module, it will be kept looping at the
> > snippet Rusty pointed out because the isolation / migration steps do not mess
> > with 'vb->num_pages'. The driver will only unload after leaking the total amount
> > of balloon's inflated pages, which means (for this hypothetical case) CPU2 will
> > wait until CPU1 finishes the putback procedure.
> >
>
> Yes but only until unlock finishes. The last return from function
> is not guarded and can be overwritten.

CPU1 will be returning to putback_balloon_page(), whose code is located at
core mm/compaction.c, outside the driver.