From owner-cvs-all Sun Dec 15 10:50: 6 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C890F37B401; Sun, 15 Dec 2002 10:50:05 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 85ED443EB2; Sun, 15 Dec 2002 10:50:05 -0800 (PST)
	(envelope-from dillon@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gBFIo5mV019301;
	Sun, 15 Dec 2002 10:50:05 -0800 (PST)
	(envelope-from dillon@repoman.freebsd.org)
Received: (from dillon@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gBFIo5vL019297;
	Sun, 15 Dec 2002 10:50:05 -0800 (PST)
Message-Id: <200212151850.gBFIo5vL019297@repoman.freebsd.org>
From: Matt Dillon
Date: Sun, 15 Dec 2002 10:50:05 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_exit.c src/sys/vm vm_map.c vm_map.h
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

dillon      2002/12/15 10:50:05 PST

  Modified files:
    sys/kern             kern_exit.c
    sys/vm               vm_map.c vm_map.h
  Log:
  Fix a refcount race with the vmspace structure.

  In order to prevent resource starvation we clean-up as much of the
  vmspace structure as we can when the last process using it exits.
  The rest of the structure is cleaned up when it is reaped. But since
  exit1() decrements the ref count it is possible for a double-free to
  occur if someone else, such as the process swapout code, references
  and then dereferences the structure. Additionally, the final cleanup
  of the structure should not occur until the last process referencing
  it is reaped.

  This commit solves the problem by introducing a secondary reference
  count, calling 'vm_exitingcnt'. The normal reference count is
  decremented on exit and vm_exitingcnt is incremented. vm_exitingcnt
  is decremented when the process is reaped. When both vm_exitingcnt
  and vm_refcnt are 0, the structure is freed for real.

  MFC after:      3 weeks

  Revision  Changes    Path
  1.188     +8 -1      src/sys/kern/kern_exit.c
  1.275     +17 -6     src/sys/vm/vm_map.c
  1.93      +2 -2      src/sys/vm/vm_map.h
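
The interleaving described in the log (exit, then a third party such as the swapout code taking and dropping a reference, then the reap), as an added userland model that is not the FreeBSD code from this commit. Only the field names vm_refcnt and vm_exitingcnt come from the log; the struct, the functions, the use_exitingcnt flag and the single-count "before" behaviour are simplified assumptions made for illustration.

```c
#include <stdio.h>
/* Userland model. Only the field names vm_refcnt and vm_exitingcnt come from
 * the commit message; the struct, functions and flag are hypothetical. */
struct vmspace_model {
    int vm_refcnt;       /* normal references */
    int vm_exitingcnt;   /* processes that exited but are not yet reaped */
    int use_exitingcnt;  /* 0 = single-count scheme, 1 = scheme from the log */
    int freed;           /* number of final frees; above 1 is a double free */
};

static void model_ref(struct vmspace_model *vm) { vm->vm_refcnt++; }
/* Drop a normal reference (for example the swapout code letting go). */
static void model_unref(struct vmspace_model *vm) {
    if (--vm->vm_refcnt == 0 && vm->vm_exitingcnt == 0)
        vm->freed++;
}

/* Process exit: early cleanup would happen here; the final free is deferred. */
static void model_exit(struct vmspace_model *vm) {
    if (vm->use_exitingcnt)
        vm->vm_exitingcnt++;   /* pin the structure until the reap */
    vm->vm_refcnt--;
}

/* Reap of the exited process: performs the deferred final free. */
static void model_reap(struct vmspace_model *vm) {
    if (!vm->use_exitingcnt) {
        vm->freed++;           /* single count: reap frees unconditionally */
        return;
    }
    if (--vm->vm_exitingcnt == 0 && vm->vm_refcnt == 0)
        vm->freed++;
}

/* Interleaving from the log: exit, ref + deref by a third party, then reap. */
static int run_scenario(int use_exitingcnt) {
    struct vmspace_model vm = { 1, 0, use_exitingcnt, 0 };
    model_exit(&vm);
    model_ref(&vm);
    model_unref(&vm);
    model_reap(&vm);
    return vm.freed;
}

int main(void) {
    printf("single count: %d frees\n", run_scenario(0));
    printf("with vm_exitingcnt: %d frees\n", run_scenario(1));
    return 0;
}
```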