diff options
author | dillon <dillon@FreeBSD.org> | 2002-12-15 18:50:04 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 2002-12-15 18:50:04 +0000 |
commit | 2925e70a14eb46bd10c8905fd619024bb19f7f9d (patch) | |
tree | dc75f5c7dd091cc88d3a3e3cb29cc922f32d144b /Makefile.upgrade | |
parent | a8978bcb956a21704b2db069d37f09c6c01395b1 (diff) | |
download | FreeBSD-src-2925e70a14eb46bd10c8905fd619024bb19f7f9d.zip FreeBSD-src-2925e70a14eb46bd10c8905fd619024bb19f7f9d.tar.gz |
Fix a refcount race with the vmspace structure. In order to prevent
resource starvation we clean-up as much of the vmspace structure as we
can when the last process using it exits. The rest of the structure
is cleaned up when it is reaped. But since exit1() decrements the ref
count it is possible for a double-free to occur if someone else, such as
the process swapout code, references and then dereferences the structure.
Additionally, the final cleanup of the structure should not occur until
the last process referencing it is reaped.
This commit solves the problem by introducing a secondary reference count,
calling 'vm_exitingcnt'. The normal reference count is decremented on exit
and vm_exitingcnt is incremented. vm_exitingcnt is decremented when the
process is reaped. When both vm_exitingcnt and vm_refcnt are 0, the
structure is freed for real.
MFC after: 3 weeks
Diffstat (limited to 'Makefile.upgrade')
0 files changed, 0 insertions, 0 deletions