* Nick Piggin <nickpiggin@xxxxxxxxxxxx> wrote:
couldn't the new pte be flipped in atomically via cmpxchg? That way we could do the page clearing close to where we are doing it now, but without holding the mmap_sem.
We have nothing to pin the pte page with if we're not holding the mmap_sem.
why does it have to be pinned? The page is mostly private to this thread until it manages to flip it into the pte. Since there's no pte presence, there's no swapout possible [here I'm assuming anonymous malloc() memory, which is the main focus of Arjan's patch]. Any parallel unmapping of that page will be caught and the installation of the page will be prevented by the 'bit-spin-lock' embedded in the pte.
But even in that case, there is nothing in the mmu gather / tlb flush interface that guarantees an architecture cannot free the page table pages immediately (i.e. without waiting for the flush IPI). This would make sense on architectures that don't walk the page tables in hardware.
but the page won't be found by any other CPU, so it won't be freed! It is private to this CPU. The page has no pte presence. It will only be present and lookupable as a result of the cmpxchg() flipping the page into the pte.
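The following is an added userland model of the install path discussed above; it is not code from this thread, from the kernel, or from Arjan's patch. It shows the two properties the exchange turns on: a freshly cleared page is invisible until a single cmpxchg flips it into the pte, and an unmapper that holds a lock bit in the pte makes a racing install fail rather than map over a tear-down. The pte bit layout, the frame pool and the scenario functions are constructed assumptions, and the GCC/Clang `__atomic` builtins stand in for the architecture's cmpxchg. Note what the model does not cover: it protects the pte word only, not the page-table page that holds it, which is the separate lifetime question Nick raises.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical pte layout for this illustration (not a real architecture's):
 * bit 0 = present, bit 1 = the "bit-spin-lock" an unmapper holds while it
 * tears the mapping down, bits 12 and up = page frame number. */
#define PTE_PRESENT   ((uint64_t)1 << 0)
#define PTE_LOCKED    ((uint64_t)1 << 1)
#define PTE_PFN_SHIFT 12
#define SIM_PAGE_SIZE 4096
#define SIM_NR_FRAMES 4

typedef uint64_t pte_t;

/* Constructed page-frame pool; a pfn indexes into it. */
static unsigned char frames[SIM_NR_FRAMES][SIM_PAGE_SIZE];

static uint64_t pte_to_pfn(pte_t v) { return v >> PTE_PFN_SHIFT; }

/* Clear a page that no pte references yet. Nothing else can find it, so no
 * lock is needed: this is the work being moved out from under mmap_sem. */
static void prepare_private_page(uint64_t pfn) {
    memset(frames[pfn], 0, SIM_PAGE_SIZE);
}

/* Flip the prepared page into the pte with one compare-and-swap. It succeeds
 * only if the slot is still completely empty: neither present (another
 * installer won) nor locked (an unmapper is working on it). */
static bool pte_install_cmpxchg(pte_t *pte, uint64_t pfn) {
    pte_t expected = 0;
    pte_t newval = (pfn << PTE_PFN_SHIFT) | PTE_PRESENT;
    return __atomic_compare_exchange_n(pte, &expected, newval, false,
                                       __ATOMIC_ACQ_REL, __ATOMIC_ACQUIRE);
}

/* Unmapper side: take the lock bit with a cmpxchg loop. Returns the
 * pre-lock value so the caller knows whether a page was mapped. */
static pte_t pte_unmap_lock(pte_t *pte) {
    pte_t old = __atomic_load_n(pte, __ATOMIC_ACQUIRE);
    for (;;) {
        if (old & PTE_LOCKED) {            /* another unmapper holds the bit: spin */
            old = __atomic_load_n(pte, __ATOMIC_ACQUIRE);
            continue;
        }
        if (__atomic_compare_exchange_n(pte, &old, old | PTE_LOCKED, false,
                                        __ATOMIC_ACQ_REL, __ATOMIC_ACQUIRE))
            return old;                     /* on failure the builtin refreshes old */
    }
}

/* Finish the unmap: the TLB flush and page free would sit here, then the
 * slot is cleared, which also drops the lock bit. */
static void pte_unmap_unlock(pte_t *pte) {
    __atomic_store_n(pte, 0, __ATOMIC_RELEASE);
}

/* Scenario: two installers each prepare a private page for the same empty
 * pte. Exactly one cmpxchg succeeds; the loser simply discards its own page.
 * Returns the number of winners and reports the pfn that got installed. */
static int scenario_racing_installers(uint64_t *installed_pfn) {
    pte_t pte = 0;
    int winners = 0;
    prepare_private_page(1);
    prepare_private_page(2);
    if (pte_install_cmpxchg(&pte, 1)) winners++;
    if (pte_install_cmpxchg(&pte, 2)) winners++;   /* fails: slot already present */
    *installed_pfn = pte_to_pfn(pte);
    return winners;
}

/* Scenario: an unmapper holds the bit-lock while an installer tries.
 * Returns 1 when the install is refused during the unmap and accepted after. */
static int scenario_install_vs_unmap(void) {
    pte_t pte = (3ull << PTE_PFN_SHIFT) | PTE_PRESENT;  /* pfn 3 currently mapped */
    pte_t old = pte_unmap_lock(&pte);
    if (pte_to_pfn(old) != 3) return 0;
    prepare_private_page(1);
    if (pte_install_cmpxchg(&pte, 1)) return 0;     /* must fail: pte is locked, not empty */
    pte_unmap_unlock(&pte);
    if (!pte_install_cmpxchg(&pte, 1)) return 0;    /* retry on the now-empty slot succeeds */
    return pte_to_pfn(pte) == 1 ? 1 : 0;
}

int main(void) {
    uint64_t pfn = 0;
    int winners = scenario_racing_installers(&pfn);
    printf("racing installers: winners=%d installed pfn=%llu\n",
           winners, (unsigned long long)pfn);
    printf("install vs unmap ok=%d\n", scenario_install_vs_unmap());
    return 0;
}
```

The design point is that the installer never needs the page pinned while it clears it: until the cmpxchg succeeds the frame has no pte presence, and if the slot is found non-empty (present or locked) the installer loses and frees a page only it ever referenced.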