On Tue, Jan 25, 2005 at 11:24:41PM -0800, Andrew Morton wrote:
> Andi Kleen <[EMAIL PROTECTED]> wrote:
> >
> > After rereading Anton's post on l-k I think the problem happens
> > when a proc access (like read on /proc/*/cmdline) increases the
> > reference count of a mm, then the mm exits, and then the other
> > process reading /proc does the final mmput. Then the exit_mmap
> > executes in the context of the other process.
>
> yup. This happens in quite a few places. Everything under mmput() needs
> to understand that the mm isn't necessarily current's mm. I'm not sure
> that introduction of additional locking to prevent that would be very nice.
After thinking about it more I agree. Just replacing TASK_SIZE with
something that depends on the mm is the best solution here.

> (Could we null out current->mm during mmput() to catch buggy code, or would
> that break the lazy-tlb code?)

It wouldn't have caught TASK_SIZE anyways, I'm not sure how useful this is.

-Andi
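The failure mode the thread describes, as an added illustration (toy user-space model, not kernel code and not from this thread): a 32-bit /proc reader holds a reference to a 64-bit task's mm, the 64-bit task exits, and the reader's final mmput() runs the teardown. A limit derived from `current` (the way TASK_SIZE behaves in the discussion) then reflects the reader, while a limit stored in the mm reflects the address space actually being torn down. The struct layouts, the two size constants and the `use_mm_limit` switch are all constructed for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limits for the toy model; the real values differ by arch. */
#define TASK_SIZE_32 0xFFFFE000ULL
#define TASK_SIZE_64 0x0000800000000000ULL

struct mm_struct {
    int mm_users;            /* reference count, as with the kernel's mm_users */
    uint64_t task_size;      /* limit recorded in the mm itself (the fix) */
    uint64_t unmapped_up_to; /* stands in for how far exit_mmap() tore down */
};

struct task_struct {
    bool is_32bit;
    struct mm_struct *mm;
};

/* Whichever task is executing right now; mirrors the kernel's `current`. */
static struct task_struct *current;

/* Buggy variant: the limit depends on the task running the code, not on
 * the mm being torn down (the TASK_SIZE problem from the thread). */
static uint64_t task_size_from_current(void)
{
    return current->is_32bit ? TASK_SIZE_32 : TASK_SIZE_64;
}

static void exit_mmap(struct mm_struct *mm, bool use_mm_limit)
{
    uint64_t limit = use_mm_limit ? mm->task_size : task_size_from_current();
    mm->unmapped_up_to = limit; /* models unmapping the range [0, limit) */
}

/* Last reference dropped runs exit_mmap(), in whatever context that is. */
static void mmput(struct mm_struct *mm, bool use_mm_limit)
{
    if (--mm->mm_users == 0)
        exit_mmap(mm, use_mm_limit);
}

/* Replays the scenario and returns the range exit_mmap() believed it
 * had to tear down. The correct answer is always TASK_SIZE_64, because
 * the mm belongs to a 64-bit task. */
static uint64_t run_scenario(bool use_mm_limit)
{
    struct mm_struct mm = { .mm_users = 1, .task_size = TASK_SIZE_64,
                            .unmapped_up_to = 0 };
    struct task_struct victim = { .is_32bit = false, .mm = &mm };
    struct task_struct reader = { .is_32bit = true, .mm = NULL };

    /* The 32-bit reader (e.g. reading /proc/<pid>/cmdline) takes a ref. */
    current = &reader;
    mm.mm_users++;

    /* The owning task exits; this is not the final reference. */
    current = &victim;
    mmput(&mm, use_mm_limit);
    victim.mm = NULL;

    /* The reader drops the final reference: exit_mmap() runs as the reader. */
    current = &reader;
    mmput(&mm, use_mm_limit);
    return mm.unmapped_up_to;
}

int main(void)
{
    printf("limit from current: tore down up to %#llx (should be %#llx)\n",
           (unsigned long long)run_scenario(false),
           (unsigned long long)TASK_SIZE_64);
    printf("limit from mm:      tore down up to %#llx\n",
           (unsigned long long)run_scenario(true));
    return 0;
}
```

With the limit taken from `current`, the 64-bit address space is torn down only up to the 32-bit limit, which is the class of wrong-context bug Andrew's "the mm isn't necessarily current's mm" warning is about; storing the limit in the mm makes the result independent of who does the final mmput().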
