Ok, here is a full dump of a free_pgtables() run that fails to clear out all the PMD's.
It gets called with this VMA list (each entry is a vm_start/vm_end tuple) [0x00010000:0x000a4000] [0x000b2000:0x000b8000] [0x000b8000:0x000de000] [0x70000000:0x7001a000] [0x70028000:0x7002a000] [0x7002c000:0x7006a000] [0x7006a000:0x7006c000] [0x7006c000:0x70084000] [0x70084000:0x70088000] [0x70088000:0x70094000] [0x70094000:0x70098000] [0x70098000:0x701da000] [0x701da000:0x701e8000] [0x701e8000:0x701f2000] [0x701f2000:0x701f4000] [0x701f4000:0x701fc000] [0x701fc000:0x70204000] [0x70204000:0x7020c000] [0x7020c000:0x7021e000] [0x7021e000:0x7022c000] [0x7022c000:0x70230000] [0x70230000:0x70232000] [0x70234000:0x7023e000] [0x7023e000:0x70244000] [0x70244000:0x7024e000] [0x70250000:0x7025a000] [0x7025a000:0x70260000] [0x70260000:0x7026c000] [0xefbfe000:0xefc28000] And then we start to iterate, here is the trace I got: free_pgd_range(addr[0x1000],end[0xde000],floor[0x0],ceiling[0x70000000]) free_pud_range(addr[0x0],end[0xde000],floor[0x0],ceiling[0x70000000]) free_pmd_range(addr[0],end[0xde000],floor[0x0],ceiling[0x70000000]) free_pte_range(addr[0x0],next[0xde000],end[0xde000]) /* nr_ptes-- */ free_pgd_range(addr[0x70000000],end[0x7026c000],floor[0x0],ceiling[0xefbfe000]) free_pud_range(addr[0x70000000],end[0x7026c000],floor[0x0],ceiling[0xef800000]) /* does not do free_pmd_range() for some reason) free_pgd_range(addr[0xefbfe000],end[0xefc28000],floor[0x0],ceiling[0x0]) free_pud_range(addr[0xef800000],end[0xefc28000],floor[0x0],ceiling[0x0]) /* also do not do free_pmd_range() */ Whoa, how does that work? We are calling free_pgtables() at exit_mmap() time with a 0 floor _and_ ceiling? Oh I see, the tests are against "ceiling - 1". Hmmm... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
