Hi:
I have a question on drop_other_mm_ref.
Say another CPU B sends an IPI message to invalidate a process P's mm, while
CPU A also holds
P's mm and is in userspace, so its TLB state is TLBSTATE_OK, that is, CPU A's
active_mm = P's mm.
When A receives B's IPI message, line 1512 is true, which will cause
BUG() in leave_mm().
Am I right? It looks like line 1512 needs to change to
if ((active_mm == mm) && !mm) so that only kernel threads can enter
leave_mm.
Any comments?
1502 #ifdef CONFIG_SMP
1503 /* Another cpu may still have their %cr3 pointing at the pagetable, so
1504    we need to repoint it somewhere else before we can unpin it. */
1505 static void drop_other_mm_ref(void *info)
1506 {
1507         struct mm_struct *mm = info;
1508         struct mm_struct *active_mm;
1509
1510         active_mm = percpu_read(cpu_tlbstate.active_mm);
1511
1512         if (active_mm == mm)
1513                 leave_mm(smp_processor_id());
1514
1515         /* If this cpu still has a stale cr3 reference, then make sure
1516            it has been flushed. */
1517         if (percpu_read(xen_current_cr3) == __pa(mm->pgd))
1518                 load_cr3(swapper_pg_dir);
1519 }
1520
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
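To see concretely what the quoted handler does on a receiving CPU in each of the states discussed above, here is a user-space model added to this page. It is not kernel code and is not taken from the Xen or Linux trees. It assumes that leave_mm() calls BUG() when cpu_tlbstate.state is TLBSTATE_OK, as arch/x86/mm/tlb.c of that era does, and replaces BUG() with a return value so the path is observable. The mm_struct, tlb_state, run_scenario and scenario_* names are simplified stand-ins for illustration, not the real layouts.

```c
#include <stdio.h>

/* User-space model of the per-CPU TLB state that leave_mm() inspects.
 * Constructed for illustration; the names follow the kernel, the layout does not. */
enum { TLBSTATE_OK = 1, TLBSTATE_LAZY = 2 };

#define NR_CPUS 2

struct mm_struct {
    unsigned long pgd_pa;      /* stands in for __pa(mm->pgd) */
    unsigned long cpu_vm_mask; /* one bit per CPU that may hold this mm in %cr3 */
};

struct tlb_state {
    struct mm_struct *active_mm;
    int state;
    unsigned long xen_current_cr3; /* the Xen-side shadow of %cr3 */
};

/* init_mm's page table plays the role of swapper_pg_dir. */
static struct mm_struct init_mm = { .pgd_pa = 0x1000, .cpu_vm_mask = 0 };
/* Process P's mm, the one being torn down in the scenario. */
static struct mm_struct p_mm;
static struct tlb_state cpu_tlbstate[NR_CPUS];

/* What the handler did on this CPU; BUG() becomes a value instead of a crash. */
enum drop_result { DROP_NOTHING, DROP_LEFT_MM, DROP_FLUSHED_CR3, DROP_WOULD_BUG };

static void load_cr3(int cpu, struct mm_struct *mm)
{
    cpu_tlbstate[cpu].xen_current_cr3 = mm->pgd_pa;
}

/* leave_mm() as in arch/x86/mm/tlb.c of that era: a CPU that is actively
 * using the mm (TLBSTATE_OK) must not be asked to leave it. */
static enum drop_result leave_mm(int cpu)
{
    struct tlb_state *ts = &cpu_tlbstate[cpu];

    if (ts->state == TLBSTATE_OK)
        return DROP_WOULD_BUG;            /* BUG() in the kernel */
    ts->active_mm->cpu_vm_mask &= ~(1UL << cpu);
    load_cr3(cpu, &init_mm);
    return DROP_LEFT_MM;
}

/* The quoted drop_other_mm_ref(), as executed on the CPU receiving the IPI. */
static enum drop_result drop_other_mm_ref(int cpu, struct mm_struct *mm)
{
    struct tlb_state *ts = &cpu_tlbstate[cpu];
    enum drop_result r = DROP_NOTHING;

    if (ts->active_mm == mm) {
        r = leave_mm(cpu);
        if (r == DROP_WOULD_BUG)
            return r;
    }
    if (ts->xen_current_cr3 == mm->pgd_pa) {  /* stale %cr3 reference */
        load_cr3(cpu, &init_mm);
        if (r == DROP_NOTHING)
            r = DROP_FLUSHED_CR3;
    }
    return r;
}

/* Put CPU 1 into the given state with respect to P's mm, then deliver the
 * IPI that CPU 0 would have sent. */
static enum drop_result run_scenario(int state, int cr3_on_p, int active_on_p)
{
    int cpu = 1;

    p_mm.pgd_pa = 0x2000;
    p_mm.cpu_vm_mask = 1UL << cpu;
    cpu_tlbstate[cpu].state = state;
    cpu_tlbstate[cpu].active_mm = active_on_p ? &p_mm : &init_mm;
    cpu_tlbstate[cpu].xen_current_cr3 = cr3_on_p ? p_mm.pgd_pa : init_mm.pgd_pa;

    return drop_other_mm_ref(cpu, &p_mm);
}

/* CPU 1 is in userspace on P: active_mm == mm and TLBSTATE_OK (the post's case). */
enum drop_result scenario_user_cpu(void)  { return run_scenario(TLBSTATE_OK, 1, 1); }
/* CPU 1 runs a kernel thread that borrowed P's mm: TLBSTATE_LAZY. */
enum drop_result scenario_lazy_cpu(void)  { return run_scenario(TLBSTATE_LAZY, 1, 1); }
/* CPU 1 has switched active_mm away, but %cr3 still points at P's pgd. */
enum drop_result scenario_stale_cr3(void) { return run_scenario(TLBSTATE_OK, 1, 0); }
/* CPU 1 never touched P's mm. */
enum drop_result scenario_unrelated(void) { return run_scenario(TLBSTATE_OK, 0, 0); }

int main(void)
{
    static const char *names[] = { "nothing", "left mm", "flushed stale cr3", "would BUG()" };

    printf("user CPU on P:  %s\n", names[scenario_user_cpu()]);
    printf("lazy CPU on P:  %s\n", names[scenario_lazy_cpu()]);
    printf("stale cr3:      %s\n", names[scenario_stale_cr3()]);
    printf("unrelated CPU:  %s\n", names[scenario_unrelated()]);
    return 0;
}
```

The model only shows what the handler does once a CPU is in a given state; whether a CPU can still be running userspace on the mm when this IPI is sent depends on the caller of drop_other_mm_ref, which the post does not quote, so that is the part to check before changing line 1512.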