Possible sequencing bug in vmspace_exec() and vmspace_unshare().
John Baldwin
jhb at FreeBSD.org
Tue Jan 20 11:48:18 PST 2004
On Tuesday 20 January 2004 04:35 am, Matthew Dillon wrote:
> This is the code:
>
> p->p_vmspace = newvmspace;
> pmap_pinit2(vmspace_pmap(newvmspace));
> vmspace_free(oldvmspace);
> if (p == curthread->td_proc) /* XXXKSE ? */
>         pmap_activate(curthread);
>
> What I don't understand is how the old vmspace can possibly be freed
> before the new map is activated. Wouldn't that clear out the pte's in
> the active MMU mapping? There seems to be a small window of
> opportunity where a TLB load could blow the kernel up.
>
> Shouldn't the vmspace_free() call occur after the pmap_activate()?
Looks like it. It also seems that for vmspace_exec(), the operation is always
done on the current proc, so that XXXKSE check should be a KASSERT() instead.
Hmm, seems I moved the vmspace_free()'s to where they are now in rev 1.201
(they used to be before the pmap_init2() call). I just didn't move them far
enough, it seems.
--
John Baldwin <jhb at FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
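As an added illustration (a constructed model, not FreeBSD code), the two orderings discussed in the thread side by side: dropping the last reference to the old vmspace while its pmap is still the one loaded on the CPU, versus activating the new pmap first. The vmspace/pmap/cpu structs, tlb_load() and run_switch() are assumptions of the model, not kernel interfaces.

```c
#include <stdbool.h>

/* Constructed model, not FreeBSD code. A vmspace owns a pmap; a cpu holds a
 * pointer to the pmap currently loaded in its MMU. Tearing down a vmspace
 * invalidates its pmap (page tables gone); a TLB fill through it is the crash. */
struct pmap { bool valid; };
struct vmspace { int refcnt; struct pmap pm; };
struct cpu { struct pmap *active; };

/* Drop a reference; the last one tears the pmap down. */
static void vmspace_free(struct vmspace *vm)
{
	if (--vm->refcnt == 0)
		vm->pm.valid = false;
}

/* Model of a TLB fill on this cpu: true if the loaded pmap is still intact. */
static bool tlb_load(const struct cpu *c)
{
	return c->active->valid;
}

/* Order as quoted in the thread: vmspace_free() before pmap_activate(). */
static bool switch_free_then_activate(struct cpu *c, struct vmspace *ovm, struct vmspace *nvm)
{
	vmspace_free(ovm);              /* old pmap may be torn down here... */
	bool ok = tlb_load(c);          /* ...while the MMU still points at it */
	c->active = &nvm->pm;           /* pmap_activate() */
	return ok && tlb_load(c);
}

/* Order proposed in the thread: pmap_activate() first, then vmspace_free(). */
static bool switch_activate_then_free(struct cpu *c, struct vmspace *ovm, struct vmspace *nvm)
{
	c->active = &nvm->pm;           /* pmap_activate() */
	bool ok = tlb_load(c);          /* any fill now walks the new pmap */
	vmspace_free(ovm);              /* safe: nothing is loaded from ovm */
	return ok && tlb_load(c);
}

/* Run one switch. old_refs > 1 models an old vmspace still shared by another
 * process, where vmspace_free() does not reach zero and the bug stays hidden. */
static bool run_switch(bool activate_first, int old_refs)
{
	struct vmspace ovm = { .refcnt = old_refs, .pm = { .valid = true } };
	struct vmspace nvm = { .refcnt = 1, .pm = { .valid = true } };
	struct cpu c = { .active = &ovm.pm };   /* curthread runs on the old space */
	return activate_first ? switch_activate_then_free(&c, &ovm, &nvm)
	                      : switch_free_then_activate(&c, &ovm, &nvm);
}
```

The third case shows why the window is easy to miss in testing: it only opens when the exec'ing process holds the last reference to the old vmspace.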