On Mon, May 20, 2019 at 09:09:23AM +0300, Leon Romanovsky wrote: > From: Huy Nguyen <huyn@xxxxxxxxxxxx> > > In dereg_mr, ODP mkey is synced for page fault handler completion. > Therefore, there is no need for another synchronize_srcu in > destroy_mkey (called by dereg_mr->clean_mr). Nope. Now that we have advise_mr userspace can trigger any mkey at all to hit the prefetch handler and we must still use proper RCU protection on the write side of the radix tree, otherwise userspace can trigger an access after destroy situation. Jason
