On Fri, 2016-08-05 at 15:37 +0200, Sebastian Andrzej Siewior wrote:
> 
> +++ b/arch/x86/include/asm/tlbflush.h
> @@ -135,7 +135,14 @@ static inline void
> cr4_set_bits_and_update_boot(unsigned long mask)
>  
>  static inline void __native_flush_tlb(void)
>  {
> +	/*
> +	 * if current->mm == NULL then we borrow a mm which may
> change during a
> +	 * task switch and therefore we must not be preempted while
> we write CR3
> +	 * back.
> +	 */
> +	preempt_disable();
>  	native_write_cr3(native_read_cr3());
> +	preempt_enable();
>  }

That is one subtle race!

Acked-by: Rik van Riel <riel@redhat.com>

-- 

All Rights Reversed.