From owner-freebsd-current Thu Apr  5 15:01:05 2001
Delivered-To: freebsd-current@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id A715E37B443; Thu, 5 Apr 2001 15:01:00 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id SAA71985;
	Thu, 5 Apr 2001 18:00:57 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 5 Apr 2001 18:00:57 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200104052200.SAA71985@khavrinen.lcs.mit.edu>
To: John Baldwin
Cc: current@FreeBSD.ORG
Subject: RE: selwakeup()
In-Reply-To:
References:
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

< said:

> As a safety check we should probably zero the pid right before zfree()'ing a
> proc in wait() however, so that a stale pointer to a free'd process doesn't
> have a valid pid if we do this.

Should not be necessary.  Here is the logic:

	p = sip->si_p;
	mtx_lock_spin(&sched_lock);
	if (p->p_stat == SZOMB || p->p_pid != sip->si_pid) {
		/* oops */
		mtx_unlock_spin(&sched_lock);
		return;
	}
	sip->si_pid = 0;
	sip->si_p = 0;
	if (p->p_wchan == (caddr_t)&selwait) {
		/* ... */

If `p' is a pointer to a freed process, then p->p_stat is guaranteed
to be SZOMB -- the only code path which can free a process struct is
wrapped inside `if (p->p_stat == SZOMB)'.  (See kern_exit.c:exit1().)
If `p' is a pointer to an active process, and it's the wrong pid, then
we don't wake it up.  Otherwise, we wake it up.  (`p' might still be
the wrong process, if pid space wrapped around, but the current code
doesn't deal with that condition, either, nor should it.)

-GAWollman
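
The stale-pointer reasoning in the message above, as an added user-space model that is not FreeBSD code and not part of the original mail. It assumes a type-stable pool (a freed slot is only ever reused as a `struct proc`), omits `sched_lock`, and uses hypothetical helpers `proc_alloc`, `proc_free`, `sel_record`, `sel_wakeup` and `scenario`.

```c
#include <stdio.h>

enum pstat { SSLEEP = 1, SZOMB };
struct proc    { int p_pid; enum pstat p_stat; int woken; };
struct selinfo { struct proc *si_p; int si_pid; };

/* Type-stable pool (assumption): a freed slot is only ever reused as a proc. */
static struct proc slot;

static struct proc *proc_alloc(int pid) {
    slot.p_pid = pid; slot.p_stat = SSLEEP; slot.woken = 0;
    return &slot;
}
/* Only zombies are freed, so a freed slot still reads p_stat == SZOMB. */
static void proc_free(struct proc *p) { p->p_stat = SZOMB; }

/* Remember both the pointer and the pid of the selecting process. */
static void sel_record(struct selinfo *sip, struct proc *p) {
    sip->si_p = p; sip->si_pid = p->p_pid;
}

/* 1 = selector woken, 0 = record was stale and ignored. */
static int sel_wakeup(struct selinfo *sip) {
    struct proc *p = sip->si_p;
    if (p == NULL || p->p_stat == SZOMB || p->p_pid != sip->si_pid)
        return 0;                      /* freed, or slot reused by another pid */
    sip->si_pid = 0; sip->si_p = NULL;
    p->woken = 1;
    return 1;
}

/* Record a select by pid 100, optionally free it and reuse the slot, then wake. */
static int scenario(int do_free, int reuse_pid) {
    struct selinfo si;
    struct proc *p = proc_alloc(100);
    sel_record(&si, p);
    if (do_free) proc_free(p);
    if (reuse_pid) proc_alloc(reuse_pid);
    return sel_wakeup(&si);
}

int main(void) {
    /* live, freed, slot reused with a new pid, slot reused after pid wraparound */
    printf("live=%d freed=%d reused=%d wrapped=%d\n",
        scenario(0, 0), scenario(1, 0), scenario(1, 101), scenario(1, 100));
    return 0;
}
```

The last case returns 1 because the reused slot carries the same pid again, which is the pid-wraparound condition the message says the check does not cover.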