Andi Kleen <[EMAIL PROTECTED]> wrote:
>
> After rereading Anton's post on l-k I think the problem happens
>  when a proc accesses (like read on /proc/*/cmdline) increases the
>  reference count of a mm, then the mm exits, and then the other
>  process reading /proc does the final mmput. Then the exit_mmap
>  executes in the context of the other process.

yup.  This happens in quite a few places.  Everything under mmput() needs
to understand that the mm isn't necessarily current's mm.  I'm not sure
that introduction of additional locking to prevent that would be very nice.

(Could we null out current->mm during mmput() to catch buggy code, or would
that break the lazy-tlb code?)
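A user-space model of the sequence Andi describes, added here as an illustration and not code from the thread or the kernel: the struct and function names echo the kernel's, but the refcount, the two tasks and the teardown check are simplified stand-ins.

```c
/* User-space model of the mm refcount race: a /proc reader takes a
 * reference on another task's mm, the owner exits, and the reader's
 * mmput() ends up running exit_mmap() with current != the mm's owner.
 * Not kernel code; names mirror the kernel's for readability only. */
#include <stdbool.h>
#include <stddef.h>

struct mm_struct { int mm_users; int owner_pid; bool unmapped; };
struct task_struct { int pid; struct mm_struct *mm; };

/* The task on whose behalf code is currently running (kernel's `current`). */
static struct task_struct *current;

/* Counts how often teardown ran while the mm was not current's mm. */
static int teardown_in_foreign_context;

static void exit_mmap(struct mm_struct *mm)
{
    /* Teardown must operate on the mm it was handed. Any code here that
     * reaches for current->mm instead is wrong whenever the last
     * reference is dropped by a different process. */
    if (current->mm != mm)
        teardown_in_foreign_context++;
    mm->unmapped = true;
}

static void mmget(struct mm_struct *mm) { mm->mm_users++; }

static void mmput(struct mm_struct *mm)
{
    if (--mm->mm_users == 0)
        exit_mmap(mm);   /* runs in whatever context drops the last ref */
}

/* Replays the race; returns true if exit_mmap ran in the reader's context. */
bool run_proc_reader_race(void)
{
    struct mm_struct mm = { .mm_users = 1, .owner_pid = 100 };
    struct mm_struct reader_mm = { .mm_users = 1, .owner_pid = 200 };
    struct task_struct owner = { .pid = 100, .mm = &mm };
    struct task_struct reader = { .pid = 200, .mm = &reader_mm };
    teardown_in_foreign_context = 0;

    current = &reader; mmget(&mm);                    /* read /proc/100/cmdline */
    current = &owner;  owner.mm = NULL; mmput(&mm);   /* owner exits, drops its ref */
    current = &reader; mmput(&mm);                    /* final mmput from the reader */
    return mm.unmapped && teardown_in_foreign_context == 1;
}
```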
