Date: Fri, 24 Aug 2001 09:45:42 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Alfred Perlstein <bright@mu.org>, David Greenman <dg@root.com> Cc: Julian Elischer <julian@elischer.org>, freebsd-hackers@FreeBSD.ORG Subject: Possible race in i386/i386/pmap.c:pmap_copy() Message-ID: <200108241645.f7OGjgX96286@earth.backplane.com>
next in thread | raw e-mail | index | archive | help
Alfred, DG, could you take a look at pmap_copy() in i386/i386/pmap.c
and tell me if what I think I'm seeing is what I'm seeing?
My read of this code is that a global, APTDpde, is being set, and
then that pointer is being used in a loop later on in the routine.
the problem is that the pmap_allocpte() call can block and, by my
read, that means some other process can go in and change APTDpde out
from under the loop.
This could also be related to problem Julian has been seeing with his
KSE patch set.
There is a comment:
/*
* We have to check after allocpte for the
* pte still being around... allocpte can
* block.
*/
dstmpte = pmap_allocpte(dst_pmap, addr);
if ((*dst_pte == 0) && (ptetemp = *src_pte)) {
/*
* Clear the modified and
...
But I do not believe this check is sufficient if APTDpde gets ripped
out from under the loop. Is this race real or am I blowing smoke?
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108241645.f7OGjgX96286>