On Wed, Feb 20, 2019 at 05:29:24PM -0500, Jerome Glisse wrote:

> > > Yes it is safe, the hmm struct has its own refcount and mirror holds a
> > > reference on it, the mm struct itself has a reference on the mm
> > > struct.
> >
> > The issue here is that hmm_mirror_unregister() must be a strong
> > fence that guarantees no callback is running or will run after
> > return. mmu_notifier_unregister did not provide that.
> >
> > I think I saw locking in hmm that was doing this..
>
> So pattern is:
>     hmm_mirror_register(mirror);
>
>     // Safe for driver to call within HMM with mirror no matter what
>
>     hmm_mirror_unregister(mirror)
>
>     // Driver must no stop calling within HMM, it would be a use after
>     // free scenario

This statement is the opposite direction. I want to know that HMM doesn't
allow any driver callbacks to be running after unregister - because I
am going to kfree mirror and other memory touched by the driver
callbacks.

Jason
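
The fence contract asked for in the message above, modelled in userspace C as an added example (not code from this thread, from HMM or from the kernel). The names `core`, `core_invoke`, `mirror_unregister` and `demo` are hypothetical, and a pthread mutex and condition variable stand in for whatever locking the kernel side would use.

```c
/* Userspace model of "unregister is a strong fence"; not HMM code, names hypothetical. */
#include <pthread.h>
#include <stdlib.h>

struct mirror { long calls; };            /* driver memory, freed after unregister */
static struct {                           /* core state outlives any mirror */
    pthread_mutex_t lock;
    pthread_cond_t  idle;
    int in_flight;                        /* callbacks currently executing */
    struct mirror *mirror;                /* NULL: no new callback may start */
} core = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0, NULL };

/* Core side: run the driver callback only while a mirror is registered. */
static int core_invoke(void)
{
    pthread_mutex_lock(&core.lock);
    struct mirror *m = core.mirror;
    if (m) core.in_flight++;              /* pin the mirror before dropping the lock */
    pthread_mutex_unlock(&core.lock);
    if (!m) return 0;
    m->calls++;                           /* the "driver callback" touching driver memory */
    pthread_mutex_lock(&core.lock);
    if (--core.in_flight == 0) pthread_cond_broadcast(&core.idle);
    pthread_mutex_unlock(&core.lock);
    return 1;
}

/* Fence: on return no callback is running and none can start. */
static void mirror_unregister(void)
{
    pthread_mutex_lock(&core.lock);
    core.mirror = NULL;
    while (core.in_flight > 0) pthread_cond_wait(&core.idle, &core.lock);
    pthread_mutex_unlock(&core.lock);
}

static void *notifier_thread(void *arg) { (void)arg; while (core_invoke()) ; return NULL; }

/* Returns 0 when the fence held: nothing in flight and new callbacks refused. */
static int demo(void)
{
    struct mirror *m = calloc(1, sizeof(*m));
    pthread_t t;
    core.mirror = m;                      /* register (stays NULL if calloc failed) */
    if (!m || pthread_create(&t, NULL, notifier_thread, NULL)) { core.mirror = NULL; free(m); return -1; }
    mirror_unregister();
    free(m);                              /* safe only because unregister fenced */
    int ran = core_invoke();              /* a late invocation must be refused */
    pthread_join(t, NULL);
    return core.in_flight + ran;
}
```

Without the wait on `in_flight` in `mirror_unregister`, the `free(m)` in `demo` could race with `m->calls++` in the notifier thread, which is the use-after-free the message is concerned about.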