Date: Sun, 15 Dec 2002 10:50:05 -0800 (PST) From: Matt Dillon <dillon@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_exit.c src/sys/vm vm_map.c vm_map.h Message-ID: <200212151850.gBFIo5vL019297@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dillon 2002/12/15 10:50:05 PST
Modified files:
sys/kern kern_exit.c
sys/vm vm_map.c vm_map.h
Log:
Fix a refcount race with the vmspace structure. In order to prevent
resource starvation we clean-up as much of the vmspace structure as we
can when the last process using it exits. The rest of the structure
is cleaned up when it is reaped. But since exit1() decrements the ref
count it is possible for a double-free to occur if someone else, such as
the process swapout code, references and then dereferences the structure.
Additionally, the final cleanup of the structure should not occur until
the last process referencing it is reaped.
This commit solves the problem by introducing a secondary reference count,
calling 'vm_exitingcnt'. The normal reference count is decremented on exit
and vm_exitingcnt is incremented. vm_exitingcnt is decremented when the
process is reaped. When both vm_exitingcnt and vm_refcnt are 0, the
structure is freed for real.
MFC after: 3 weeks
Revision Changes Path
1.188 +8 -1 src/sys/kern/kern_exit.c
1.275 +17 -6 src/sys/vm/vm_map.c
1.93 +2 -2 src/sys/vm/vm_map.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212151850.gBFIo5vL019297>