On 13/12/19, 11:13 PM, "Steven Rostedt" srostedt@vmware.com wrote:
On Tue, 2019-12-10 at 23:12 +0530, Ajay Kaher wrote:
The x86 version of get_user_pages_fast() relies on disabled interrupts to synchronize gup_pte_range() between gup_get_pte(ptep); and get_page() against a parallel munmap. The munmap side nulls the pte, then flushes TLBs, then releases the page. As the TLB flush is done synchronously via IPI, disabling interrupts blocks the page release, and get_page(), which assumes an existing reference on the page, is thus safe. However, when the TLB flush is done by a hypercall, e.g. in a Xen PV guest, there is no blocking thanks to disabled interrupts, and get_page() can succeed on a page that was already freed or even reused.
That must have been hell to debug! Anyway, the rest looks good.
-- Steve
Thanks Steve for review. I will move page_ref_count() from 3rd patch to 5th patch and send globally.
- Ajay
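The race quoted above, rendered as a deterministic userspace model so the two failure modes (freed page, reused page) and the defensive pattern can be run and checked. This is an added illustration, not kernel code from the series or from the thread: the munmap is executed inline at the exact point where a hypercall-based TLB flush would fail to block the walker, the page structure, owner tags and the names try_get_page_ref, gup_walk_old and gup_walk_fixed are assumptions of the model, and the speculative-reference-plus-pte-recheck shape is what the page_ref_count() check mentioned in the thread is meant to provide.

```c
/* Added illustration, not kernel code: a deterministic model of the
 * get_user_pages_fast() vs. munmap race described in the thread.
 * Names (try_get_page_ref, gup_walk_*) and the owner tag are assumptions. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct page {
    atomic_int refcount;  /* 0 = page is back on the free list */
    int owner;            /* constructed tag: mapping that owns the page, -1 = none */
};

/* Page table entry: in this model simply a pointer to the mapped page. */
typedef struct page *pte_t;

/* get_page() as the old x86 fast-gup path used it: an unconditional
 * increment, correct only if the caller already holds a reference. */
static void get_page_unconditional(struct page *p)
{
    atomic_fetch_add(&p->refcount, 1);
}

/* Speculative reference: succeed only while the count is non-zero, with a
 * CAS loop so a concurrent final put cannot be raced past. */
static bool try_get_page_ref(struct page *p)
{
    int old = atomic_load(&p->refcount);
    while (old > 0) {
        if (atomic_compare_exchange_weak(&p->refcount, &old, old + 1))
            return true;
        /* CAS failure reloaded 'old'; retry unless it dropped to zero */
    }
    return false;
}

static void put_page(struct page *p)
{
    if (atomic_fetch_sub(&p->refcount, 1) == 1)
        p->owner = -1;  /* last reference: page returns to the allocator */
}

/* munmap side: null the pte, then drop the mapping's reference. The TLB
 * flush in between is modelled as a hypercall: it does not block the walker. */
static void munmap_side(pte_t *ptep, struct page *p)
{
    *ptep = NULL;
    put_page(p);
}

/* Allocator handing the freed frame to a different mapping. */
static void reuse_page(struct page *p, int new_owner)
{
    p->owner = new_owner;
    atomic_store(&p->refcount, 1);
}

enum gup_result { GUP_OK_SAME_PAGE, GUP_BAD_FREED, GUP_BAD_WRONG_OWNER, GUP_RETRY };

/* Old walker: read the pte, race window, unconditional get_page(). */
static enum gup_result gup_walk_old(pte_t *ptep, int my_owner, bool reuse)
{
    pte_t pte = *ptep;                      /* gup_get_pte(ptep) */
    munmap_side(ptep, pte);                 /* munmap completes in the window */
    if (reuse) reuse_page(pte, my_owner + 1);
    get_page_unconditional(pte);            /* bumps a freed or foreign page */
    if (pte->owner == -1) return GUP_BAD_FREED;
    if (pte->owner != my_owner) return GUP_BAD_WRONG_OWNER;
    return GUP_OK_SAME_PAGE;
}

/* Defensive walker: speculative get, then re-read the pte and back off if it
 * changed underneath us (the reuse case a refcount check alone cannot see). */
static enum gup_result gup_walk_fixed(pte_t *ptep, int my_owner, bool reuse)
{
    pte_t pte = *ptep;
    munmap_side(ptep, pte);
    if (reuse) reuse_page(pte, my_owner + 1);
    if (!try_get_page_ref(pte))
        return GUP_RETRY;                   /* already freed: refuse the reference */
    if (*ptep != pte) {                     /* pte changed: not our mapping any more */
        put_page(pte);
        return GUP_RETRY;
    }
    return GUP_OK_SAME_PAGE;
}

/* Run one scenario on a fresh page owned by mapping 7 holding one reference. */
enum gup_result run(bool fixed, bool reuse)
{
    struct page pg = { .refcount = 1, .owner = 7 };
    pte_t pte = &pg;
    return fixed ? gup_walk_fixed(&pte, 7, reuse) : gup_walk_old(&pte, 7, reuse);
}

int main(void)
{
    printf("old walker, freed page:  %d (2 = bad, freed)\n", run(false, false));
    printf("old walker, reused page: %d (2 = bad, wrong owner)\n", run(false, true) == GUP_BAD_WRONG_OWNER ? 2 : 0);
    printf("fixed walker, freed:     %d (3 = retry)\n", run(true, false));
    printf("fixed walker, reused:    %d (3 = retry)\n", run(true, true));
    return 0;
}
```

The interleaving is forced rather than left to scheduling so that each run is reproducible: the point is that the old walker takes a reference on a page with a zero count (resurrecting a freed frame) or on a frame that now belongs to another mapping, while refusing a zero-count page and re-reading the pte after the speculative get turns both outcomes into a harmless retry. In the real gup_pte_range() the recheck compares the saved pte value against the pte in memory rather than pointers, and a failed attempt falls back to the slow path.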