Linus Torvalds writes: (Summary) I'm surprised that
try_to_unmap_one didn't hold any locks earlier.
try_to_unmap_one didn't hold any locks earlier.
In fact, I think at least some of them *did* already hold the page table locks: ptep_clear_flush_young_notify() and friends very much should have always held them.
should have always held them.
So it's literally just that mmu_notifier_invalidate_page() call that used to be outside all the locks, but honestly, I think that was always a bug. It means that you got notified of the page removal *after* the page was already gone and all locks had been released, so a completely *different* page could already have been mapped to that address.
address.
So I think the old code was always broken exactly because the callback wasn't serialized with the actual action.
wasn't serialized with the actual action.
So surrounding it with start/end _should_ make KVM happy.
try_to_unmap_one didn't hold any locks earlier.
In fact, I think at least some of them *did* already hold the page table locks: ptep_clear_flush_young_notify() and friends very much should have always held them.
should have always held them.
So it's literally just that mmu_notifier_invalidate_page() call that used to be outside all the locks, but honestly, I think that was always a bug. It means that you got notified of the page removal *after* the page was already gone and all locks had been released, so a completely *different* page could already have been mapped to that address.
address.
So I think the old code was always broken exactly because the callback wasn't serialized with the actual action.
wasn't serialized with the actual action.
[...]
assume the worse for the range of address.So surrounding it with start/end _should_ make KVM happy.