It was a typo I menat "CPUs" ;).
Anyway now I see the point of the current code and it make sense to me.
Thanks for the explanation (thanks also to Manfred).
I suppose the smp-tlb-flush calls are supposed to be serialized by the
caller via the mm semaphore.
Unfortunately kswapd calls it without the mm semaphore and since the
smp-tlb-flush calls are not using atomic operations they seems racy to me.
Anyway kswapd seems buggy not only w.r.t. flush_tlb_page. The vmas can go
away under kswapd. Also the struct mm_struct seems to be able to go away
under kswapd. These lines:
atomic_inc(&best->mm_count);
ret = swap_out_mm(best, gfp_mask);
mmdrop(best);
seems to be not safe since the place where we increase the mm_count has
not more locking then the swap_out_mm core (it only has the big kernel
lock but we are used to drop mm without the big kernel lock).
Andrea
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/