On Fri, Dec 17, 2021 at 3:34 AM David Hildenbrand david@redhat.com wrote:
> If the child takes a read-only pin on such a page (i.e., FOLL_WRITE is not
> set) and then unmaps the target page, we have:
> page has mapcount == 1 and refcount > 1
All these games with mapcount make me think this is still broken.
mapcount has been a horribly broken thing in the past, and I'm not convinced it's not a broken thing now.
    vmf->page = vm_normal_page(vmf->vma, vmf->address, vmf->orig_pte);
    if (vmf->page && PageAnon(vmf->page) && !PageKsm(vmf->page) &&
        page_mapcount(vmf->page) > 1) {
What keeps the mapcount stable in here?
And I still believe that the whole notion that "COW should use mapcount" is pure and utter garbage.
If we are doing a COW, we need an *exclusive* access to the page. That is not mapcount, that is the page ref.
mapcount is insane, and I think this is making this worse again.
Linus
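The following is an added illustration, not kernel code and not part of the mail thread: a toy model of the sequence quoted at the top of the message (fork, a read-only pin by the child, the child unmapping) that traces how the two counters move and what a COW-reuse decision keyed on mapcount does versus one keyed on the page reference count. `struct toy_page`, `toy_fork`, `toy_pin_readonly`, `toy_unmap`, the two `must_copy_by_*` predicates and `run_scenario` are all invented stand-ins for the real `struct page` accounting; the point is only that a pin holds a reference without holding a mapping, so it is invisible to a mapcount test.

```c
/*
 * Added illustration (not kernel code, not from the thread): a toy model of
 * the fork / read-only pin / unmap sequence, showing why a COW-reuse decision
 * keyed on mapcount diverges from one keyed on refcount.
 * struct toy_page and every helper below are simplified stand-ins.
 */
#include <stdio.h>
#include <stdbool.h>

struct toy_page {
    int mapcount;   /* number of page-table mappings (PTEs) pointing at it */
    int refcount;   /* total references: mappings + pins + any other holder */
};

/* fork(): the anonymous page becomes shared by parent and child PTEs. */
static void toy_fork(struct toy_page *p)
{
    p->mapcount++;
    p->refcount++;
}

/* A read-only pin (a GUP without FOLL_WRITE): takes a reference but does
 * not create a page-table mapping, so only refcount moves. */
static void toy_pin_readonly(struct toy_page *p)
{
    p->refcount++;
}

/* The pinning process unmaps the page: its PTE goes away, dropping one
 * mapping and the reference that mapping held. The pin's reference stays. */
static void toy_unmap(struct toy_page *p)
{
    p->mapcount--;
    p->refcount--;
}

/* Policy A: the mapcount-based test quoted in the mail.
 * Returns true when the writer would be forced to copy. */
static bool must_copy_by_mapcount(const struct toy_page *p)
{
    return p->mapcount > 1;
}

/* Policy B: exclusivity judged by the page reference count.
 * Returns true when anything other than this one mapping holds the page. */
static bool must_copy_by_refcount(const struct toy_page *p)
{
    return p->refcount > 1;
}

struct decision {
    bool by_mapcount;   /* would policy A copy? */
    bool by_refcount;   /* would policy B copy? */
    int mapcount;
    int refcount;
};

/* Run the quoted scenario and report what each policy decides when the
 * parent next writes to the page. */
struct decision run_scenario(void)
{
    struct toy_page page = { .mapcount = 1, .refcount = 1 }; /* parent only */
    toy_fork(&page);           /* parent + child: mapcount 2, refcount 2 */
    toy_pin_readonly(&page);   /* child pins read-only: refcount 3 */
    toy_unmap(&page);          /* child unmaps: mapcount 1, refcount 2 */
    return (struct decision){
        .by_mapcount = must_copy_by_mapcount(&page),
        .by_refcount = must_copy_by_refcount(&page),
        .mapcount = page.mapcount,
        .refcount = page.refcount,
    };
}

int main(void)
{
    struct decision d = run_scenario();
    printf("mapcount=%d refcount=%d\n", d.mapcount, d.refcount);
    printf("mapcount policy: %s\n", d.by_mapcount ? "copy" : "reuse in place");
    printf("refcount policy: %s\n", d.by_refcount ? "copy" : "reuse in place");
    return 0;
}
```

After the child unmaps, the model ends at mapcount 1 and refcount 2: the mapcount policy sees a single mapping and reuses the page in place, while the refcount policy sees the outstanding pin and copies. Nothing here models the locking question raised in the mail (what keeps mapcount stable while the test runs); it only shows the accounting gap between the two counters.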