#727 closed defect (invalid)
pt_mapping_remove needs TLB shootdown before freeing frames
| Reported by: | Jiří Zárevúcky | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 0.7.2 |
| Component: | helenos/unspecified | Version: | mainline |
| Keywords: | Cc: | ||
| Blocker for: | Depends on: | ||
| See also: |
Description
pt_mapping_remove frees page table frames without any synchronization. This is incorrect on SMP systems. On some platfroms, intermediate page table addresses may be cached in TLB. On all platforms, a concurrent page table walk on another CPU could access page table contents after the frame has been recycled.
To solve this issue, the function needs to perform TLB shootdown after the empty page table is removed from the tree, but before it is freed.
Change History (2)
comment:1 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 by , 6 years ago
| Milestone: | → 0.7.2 |
|---|
Note:
See TracTickets
for help on using tickets.
Nope, I just misunderstood how TLB shootdown works. Ignore this.