Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 21 Dec 2002 19:21:57 -0500
From:      Jake Burkholder <jake@locore.ca>
To:        Matt Dillon <dillon@FreeBSD.org>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern kern_exit.c src/sys/vm vm_map.c vm_map.h
Message-ID:  <20021221192157.B25630@locore.ca>
In-Reply-To: <200212151850.gBFIo5vL019297@repoman.freebsd.org>; from dillon@FreeBSD.org on Sun, Dec 15, 2002 at 10:50:05AM -0800
References:  <200212151850.gBFIo5vL019297@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Apparently, On Sun, Dec 15, 2002 at 10:50:05AM -0800,
	Matt Dillon said words to the effect of;

> dillon      2002/12/15 10:50:05 PST
> 
>   Modified files:
>     sys/kern             kern_exit.c 
>     sys/vm               vm_map.c vm_map.h 
>   Log:
>   Fix a refcount race with the vmspace structure.  In order to prevent
>   resource starvation we clean-up as much of the vmspace structure as we
>   can when the last process using it exits.  The rest of the structure
>   is cleaned up when it is reaped.  But since exit1() decrements the ref
>   count it is possible for a double-free to occur if someone else, such as
>   the process swapout code, references and then dereferences the structure.
>   Additionally, the final cleanup of the structure should not occur until
>   the last process referencing it is reaped.
>   
>   This commit solves the problem by introducing a secondary reference count,
>   calling 'vm_exitingcnt'.  The normal reference count is decremented on exit
>   and vm_exitingcnt is incremented.  vm_exitingcnt is decremented when the
>   process is reaped.  When both vm_exitingcnt and vm_refcnt are 0, the
>   structure is freed for real.

Will you merge this change into RELENG_5_0 as well?  The bug still exists
there I think and needs to be fixed for 5.0-R.

Thanks,
Jake

>   
>   MFC after:      3 weeks
>   
>   Revision  Changes    Path
>   1.188     +8 -1      src/sys/kern/kern_exit.c
>   1.275     +17 -6     src/sys/vm/vm_map.c
>   1.93      +2 -2      src/sys/vm/vm_map.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021221192157.B25630>