Date: Tue, 20 Jan 2004 13:59:51 -0500
From: John Baldwin <jhb@FreeBSD.org>
To: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-hackers@freebsd.org
Subject: Re: Possible sequencing bug in vmspace_exec() and vmspace_unshare().
Message-ID: <200401201356.08050.jhb@FreeBSD.org>
In-Reply-To: <200401200935.i0K9Zedb007090@apollo.backplane.com>
References: <200401200935.i0K9Zedb007090@apollo.backplane.com>
On Tuesday 20 January 2004 04:35 am, Matthew Dillon wrote:
> This is the code:
>
>     p->p_vmspace = newvmspace;
>     pmap_pinit2(vmspace_pmap(newvmspace));
>     vmspace_free(oldvmspace);
>     if (p == curthread->td_proc)        /* XXXKSE ? */
>         pmap_activate(curthread);
>
> What I don't understand is how the old vmspace can possibly be freed
> before the new map is activated. Wouldn't that clear out the pte's in
> the active MMU mapping? There seems to be a small window of
> opportunity where a TLB load could blow the kernel up.
>
> Shouldn't the vmspace_free() call occur after the pmap_activate()?

Looks like it. It also seems that for vmspace_exec(), the operation is
always done on the current proc, so that XXXKSE check should be a
KASSERT() instead.

Hmm, seems I moved the vmspace_free()'s to where they are now in rev
1.201 (they used to be before the pmap_init2() call); I just didn't move
them far enough, it seems.

-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org
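The window the thread discusses, modelled as an added example (not FreeBSD code, and not from either poster): a toy vmspace/pmap with a reference count and a pointer standing in for the page tables the MMU is currently walking. Names, types and the "valid" flag are assumptions of the model; the only point is that a simulated TLB load between vmspace_free() and pmap_activate() finds released page tables when the free comes first, and live ones when the order is swapped.

```c
/* Toy model of the vmspace_exec() ordering question (assumed types,
 * not the kernel's real vmspace/pmap structures). */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct pmap    { bool valid; };                  /* page tables still allocated? */
struct vmspace { int refcnt; struct pmap vm_pmap; };
struct proc    { struct vmspace *p_vmspace; };

static struct pmap *active_pmap;   /* models what the MMU is walking right now */

static struct vmspace *vmspace_alloc(void) {
    struct vmspace *vm = calloc(1, sizeof *vm);
    vm->refcnt = 1;
    vm->vm_pmap.valid = true;
    return vm;
}

/* Dropping the last reference releases the page tables. */
static void vmspace_free(struct vmspace *vm) {
    if (--vm->refcnt == 0)
        vm->vm_pmap.valid = false;
}

/* Point the MMU at the process's current map. */
static void pmap_activate(struct proc *p) {
    active_pmap = &p->p_vmspace->vm_pmap;
}

/* A TLB load (an interrupt touching memory, say) is only safe while the
 * page tables the MMU is walking are still allocated. */
static bool tlb_load_is_safe(void) {
    return active_pmap->valid;
}

/* Replace the proc's vmspace; return whether a TLB load in the window
 * between the free and the activate would have hit live page tables. */
static bool replace_vmspace(bool free_before_activate) {
    struct proc p;
    struct vmspace *oldvm = vmspace_alloc(), *newvm = vmspace_alloc();
    p.p_vmspace = oldvm;
    pmap_activate(&p);                  /* old map is what the CPU uses */

    p.p_vmspace = newvm;
    if (free_before_activate)
        vmspace_free(oldvm);            /* order quoted in the thread */
    bool safe = tlb_load_is_safe();     /* the window Matt describes */
    pmap_activate(&p);
    if (!free_before_activate)
        vmspace_free(oldvm);            /* order the reply suggests */
    free(oldvm); free(newvm);
    return safe;
}

int main(void) {
    printf("free before activate: %s\n", replace_vmspace(true)  ? "safe" : "UNSAFE");
    printf("free after activate:  %s\n", replace_vmspace(false) ? "safe" : "UNSAFE");
    return 0;
}
```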