On Sun 26-05-13 06:50:46, Max Filippov wrote:
> Hello arch and mm people.
>
> Is it intentional that threads of a process that invoked the munmap syscall
> can see TLB entries pointing to already freed pages, or is it a bug?
>
> I'm talking about zap_pmd_range and zap_pte_range:
>
> zap_pmd_range
> zap_pte_range
> arch_enter_lazy_mmu_mode
> ptep_get_and_clear_full
> tlb_remove_tlb_entry
> __tlb_remove_page
> arch_leave_lazy_mmu_mode
> cond_resched
>
> With the default arch_{enter,leave}_lazy_mmu_mode, tlb_remove_tlb_entry
> and __tlb_remove_page there is a loop in zap_pte_range that clears
> PTEs and frees the corresponding pages,

The page is not freed at that time (at least not for the generic
mmu_gather implementation). It is stored into mmu_gather and then freed
along with the tlb flush in tlb_flush_mmu.

[...]

-- 
Michal Hocko
SUSE Labs
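A user-space model of the ordering Michal describes, added here as an illustration and not code from the thread or from the kernel: pages behind cleared PTEs are queued in a stand-in for mmu_gather and freed only after the TLB flush in tlb_flush_mmu, while an `eager` mode reproduces the clear-then-free ordering the question assumed so a checker can flag it. GATHER_BATCH, free_page, frees_were_safe and the eager flag are the model's own names, not kernel identifiers.

```c
#include <stdlib.h>
#define GATHER_BATCH 8  /* pages queued before a forced flush (model value, not the kernel's) */

/* Bookkeeping used only to check the ordering the reply describes. */
static int pending_clears;  /* PTEs cleared since the last TLB flush */
static int unsafe_frees;    /* pages freed while a stale TLB entry could still exist */
static int nflushes;
static int eager_free;      /* 1 = free at clear time (the ordering the question assumed) */

/* Simplified stand-in for the kernel's struct mmu_gather. */
struct mmu_gather { void *pages[GATHER_BATCH]; int nr; int need_flush; };

/* Return a page to the allocator, recording whether some TLB could still map it. */
static void free_page(void *page) {
    if (pending_clears) unsafe_frees++;
    free(page);
}

/* Flush the TLB first, then free the queued pages (tlb_flush_mmu ordering). */
static void tlb_flush_mmu(struct mmu_gather *tlb) {
    if (!tlb->need_flush) return;
    nflushes++;                 /* TLB flush: no CPU can still hit the cleared PTEs */
    pending_clears = 0;
    tlb->need_flush = 0;
    for (int i = 0; i < tlb->nr; i++) free_page(tlb->pages[i]);
    tlb->nr = 0;
}

/* Called right after a PTE is cleared: queue the page, flush once the batch is full. */
static void tlb_remove_page(struct mmu_gather *tlb, void *page) {
    if (eager_free) { free_page(page); return; }   /* freed before any flush */
    tlb->need_flush = 1;
    tlb->pages[tlb->nr++] = page;
    if (tlb->nr == GATHER_BATCH) tlb_flush_mmu(tlb);
}

/* Model of zap_pte_range over npages; returns the number of TLB flushes issued. */
int zap_range(int npages, int eager) {
    struct mmu_gather tlb = {0};
    pending_clears = unsafe_frees = nflushes = 0;
    eager_free = eager;
    for (int i = 0; i < npages; i++) {
        void *page = malloc(4096);   /* stands in for the page behind the PTE */
        pending_clears++;            /* ptep_get_and_clear_full */
        tlb_remove_page(&tlb, page); /* __tlb_remove_page */
    }
    tlb_flush_mmu(&tlb);             /* tlb_finish_mmu: flush and free what is left */
    return nflushes;
}
/* 1 if no page was freed while some TLB could still hold a translation to it. */
int frees_were_safe(void) { return unsafe_frees == 0; }
```

With 20 pages and a batch of 8 the gather path flushes three times and every free follows a flush; the eager path frees all 20 pages with a possibly stale translation outstanding.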