[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Xen-devel] a question of drop_other_mm_ref
- To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
- From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
- Date: Mon, 25 Apr 2011 15:20:12 +0800
- Delivery-date: Mon, 25 Apr 2011 00:22:08 -0700
- Importance: Normal
- List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Hi:
I have a question on drop_other_mm_ref.
Say another CPU B send IPI message to invalid a process P'mm, also CPU A holds
P'mm, and in userspace, TLBstate is TLBSTATE_OK that is CPU A' active_mm = P'mm.
When A receive B's IPI message, line 1512 is true, thus will cause BUG() in leave_mm().
Am I right? It looks like 1512 needs to change to
if ((active_mm == mm) && !mm) to allow only kernel thread can enter leave_mm.
Any comments?
1502 #ifdef CONFIG_SMP
1503 /* Another cpu may still have their %cr3 pointing at the pagetable, so
1504 we need to repoint it somewhere else before we can unpin it. */
1505 static void drop_other_mm_ref(void *info)
1506 {
1507 struct mm_struct *mm = info;
1508 struct mm_struct *active_mm;
1509
1510 active_mm = percpu_read(cpu_tlbstate.active_mm);
1511
1512 if (active_mm == mm) &nb
sp;
1513 leave_mm(smp_processor_id());
1514
1515 /* If this cpu still has a stale cr3 reference, then make sure
1516 it has been flushed. */
1517 if (percpu_read(xen_current_cr3) == __pa(mm->pgd))
1518 load_cr3(swapper_pg_dir);
1519 }
1520
|
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
