I'm not sure if I'm completely missing something here, but AFAIKS the reference to the mysterious "COW SMC race" confuses the issue. The original changelog and mailing list thread didn't help me either.
This SMC race is where the problem was detected, but isn't the general problem bigger and more obvious: that the new PTE could be picked up at any time by any TLB while entries for the old PTE exist in other TLBs before the TLB flush takes effect?
The case where the iTLB and dTLB of a CPU are pointing at different pages is an interesting one but follows from the general problem.
The other (minor) thing with the comment: I think it makes it a bit clearer to say what the old code was doing (i.e., it avoids the race as opposed to what?).
References: 4ce072f1faf29 ("mm: fix a race condition under SMC + COW")
Link: https://email@example.com
111fe7186b29 mm: generalise COW SMC TLB flushing race comment
mm/memory.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)