> I just checked and ia64 sets thread.task_size in SET_PERSONALITY()
> which is just fine, similarly for ppc64.  So I really wonder how
> this problem can arise.

After rereading Anton's post on l-k I think the problem happens
when a /proc access (like a read on /proc/*/cmdline) increases the
reference count of an mm, then the mm exits, and then the other
process reading /proc does the final mmput. Then the exit_mmap
executes in the context of the other process.

Maybe it would be best to just use a semaphore to synchronize
this? 

[BTW there seem to be some other issues in this code; I'm currently,
together with someone else, trying to track down an exit mm race that causes
machine checks on K8 because a lazy mm task has page tables that are already
freed and get overwritten by random data. Still haven't root caused it yet]

-Andi

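The sequence Andi describes (a /proc reader takes a reference on another task's mm, the owner exits, and the reader's mmput ends up running exit_mmap), shown as a small userspace model. This is an added example written for this page, not kernel code and not code from the thread. It assumes, as the mail implies but does not spell out, that the teardown's address-space bound comes from the current thread's thread.task_size; the per-mm copy of the limit is included only as a comparison, and the refcount, task sizes and mapping extents are constructed values.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed userspace model of the mm refcount / teardown-context race
 * from the mail above. Not kernel code; names only mirror the kernel ones. */

struct mm {
    atomic_int users;           /* stands in for mm_users */
    uint64_t   task_size;       /* per-mm copy of the address-space limit (comparison case) */
    uint64_t   highest_vma_end; /* constructed: end of the highest mapping in this mm */
};

struct task {
    const char *comm;
    uint64_t    thread_task_size; /* stands in for thread.task_size set by SET_PERSONALITY() */
    struct mm  *mm;
};

/* Whichever task is "running" when a put happens. */
static struct task *current;

/* Teardown that consults the *current* thread's limit (assumed to mirror the
 * situation in the mail: the final put runs in a different task's context). */
static int exit_mmap_current_limit(struct mm *mm)
{
    uint64_t limit = current->thread_task_size;
    /* Mappings above the limit would never be walked and freed. */
    return mm->highest_vma_end <= limit ? 0 : -1;
}

/* Teardown that consults the limit recorded in the mm itself (comparison only). */
static int exit_mmap_mm_limit(struct mm *mm)
{
    uint64_t limit = mm->task_size;
    return mm->highest_vma_end <= limit ? 0 : -1;
}

typedef int (*teardown_fn)(struct mm *);

/* mmput analogue: 0 if the mm survives, 1 if the final put tore it down
 * cleanly, -1 if the final put ran but would have left mappings behind. */
static int mmput(struct mm *mm, teardown_fn teardown)
{
    if (atomic_fetch_sub(&mm->users, 1) != 1)
        return 0;
    return teardown(mm) == 0 ? 1 : -1;
}

/* A 64-bit victim with a 47-bit address space is read via /proc by a task whose
 * thread limit is 4 GiB; the victim exits while the reader still holds the mm. */
static int run_scenario(teardown_fn teardown)
{
    struct mm victim_mm;
    atomic_init(&victim_mm.users, 1);
    victim_mm.task_size       = (uint64_t)1 << 47;
    victim_mm.highest_vma_end = (uint64_t)1 << 40;   /* constructed: above 4 GiB */

    struct task victim = { "victim64", (uint64_t)1 << 47, &victim_mm };
    struct task reader = { "reader32", (uint64_t)1 << 32, NULL };
    int r;

    current = &reader;
    atomic_fetch_add(&victim_mm.users, 1);   /* get_task_mm() from the /proc read */

    current = &victim;
    r = mmput(&victim_mm, teardown);         /* victim exits: not the last user */
    if (r != 0)
        return -2;

    current = &reader;
    return mmput(&victim_mm, teardown);      /* final put runs in the reader's context */
}

int main(void)
{
    printf("limit from current thread: %d\n", run_scenario(exit_mmap_current_limit));
    printf("limit stored in the mm:    %d\n", run_scenario(exit_mmap_mm_limit));
    return 0;
}
```

The first variant returns -1: the final put happens with `current` pointing at the reader, so the 4 GiB bound is used against a 47-bit address space. The second variant returns 1 because the bound travels with the mm rather than with whoever happens to drop the last reference.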