On Tue, 2019-12-10 at 23:12 +0530, Ajay Kaher wrote:

> The x86 version of get_user_pages_fast() relies on disabled interrupts to
> synchronize gup_pte_range() between gup_get_pte(ptep); and get_page() against
> a parallel munmap. The munmap side nulls the pte, then flushes TLBs, then
> releases the page. As TLB flush is done synchronously via IPI disabling
> interrupts blocks the page release, and get_page(), which assumes existing
> reference on page, is thus safe.
>
> However when TLB flush is done by a hypercall, e.g. in a Xen PV guest, there is
> no blocking thanks to disabled interrupts, and get_page() can succeed on a page
> that was already freed or even reused.

That must have been hell to debug!

Anyway, the rest looks good.

-- Steve