Date: Thu, 19 Jan 2006 14:38:33 -0600 From: Alan Cox <alc@cs.rice.edu> To: John Baldwin <jhb@freebsd.org> Cc: alc@freebsd.org, freebsd-current@freebsd.org, Suleiman Souhlal <ssouhlal@freebsd.org>, Kris Kennaway <kris@obsecurity.org> Subject: Re: System call munmap returning with the following locks held: Giant Message-ID: <20060119203833.GC7599@cs.rice.edu> In-Reply-To: <200601191114.27075.jhb@freebsd.org> References: <20060118070549.GA617@xor.obsecurity.org> <43CEEBD4.3060604@FreeBSD.org> <200601190802.31914.jhb@freebsd.org> <200601191114.27075.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 19, 2006 at 11:14:24AM -0500, John Baldwin wrote: [snip] > > Are you really sure the object's type can change or does the caller of > vm_object_deallocate() hold some sort of reference or what not that prevents > the type from changing? > My recollection is that the object does not change type until all of the references have been drained and it is about to be freed by vm_object_terminate(). At the point where the type check is being performed, the caller should hold a reference on the object. Thus, the type should not be changing. That said, an unexpected type change still strikes me as the most plausible cause. Is there a test that easily reproduces this problem? Alan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060119203833.GC7599>