Will the implementation of mremap free all physical pages ?
by huang-jl from LinuxQuestions.org on (#6CGNJ)
Recently, I am reading the memory management part of linux kernel code (the version I am reading is 4.10). I find that mremap is strange.
In short, sys_mremap() will call move_vma(), which basically will do the following:
1. copy_vma()
2. move_page_tables()
3. do_munmap()
The step 1 and 2 are easy to understand, they just copy from the old memory mapping into the new mapping. However, they do not increment the refcount of struct page while copying to new memory mapping in these two steps (I do not find it in source code).
Then in step 3, kernel will unmap the old mappings. It iterates every vma and every pages, decrement the refcount of struct page and finally call tlb_flush_mmu_free() to free all pages.
My question is:
1. if the kernel implement mremap like this, the following access to the pages will cause page fault?
2. why kernel does not increment the refcount when move_vma()? It will keep pages in memory after mremap and will not casue the unnecessary page fault.
3. What about anonymous and private mapped pages? How can user access the content after this kind of pages has been freed?
In short, sys_mremap() will call move_vma(), which basically will do the following:
1. copy_vma()
2. move_page_tables()
3. do_munmap()
The step 1 and 2 are easy to understand, they just copy from the old memory mapping into the new mapping. However, they do not increment the refcount of struct page while copying to new memory mapping in these two steps (I do not find it in source code).
Then in step 3, kernel will unmap the old mappings. It iterates every vma and every pages, decrement the refcount of struct page and finally call tlb_flush_mmu_free() to free all pages.
My question is:
1. if the kernel implement mremap like this, the following access to the pages will cause page fault?
2. why kernel does not increment the refcount when move_vma()? It will keep pages in memory after mremap and will not casue the unnecessary page fault.
3. What about anonymous and private mapped pages? How can user access the content after this kind of pages has been freed?