Possible sequencing bug in vmspace_exec() and vmspace_unshare().

[Matthew Dillon]

    This is the code:

        p->p_vmspace = newvmspace;
        pmap_pinit2(vmspace_pmap(newvmspace));
        vmspace_free(oldvmspace);
        if (p == curthread->td_proc)            /* XXXKSE ? */
                pmap_activate(curthread);

    What I don't understand is how the old vmspace can possibly be freed
    before the new map is activated.  Wouldn't that clear out the pte's in
    the active MMU mapping?  There seems to be a small window of opportunity
    where a TLB load could blow the kernel up.

    Shouldn't the vmspace_free() call occur after the pmap_activate()?

						-Matt