path: root/crypto
author: kib <kib@FreeBSD.org> 2014-05-20 09:19:35 +0000
committer: kib <kib@FreeBSD.org> 2014-05-20 09:19:35 +0000
commit: 235f4b10832ead920e03f9fb12902ee0603cfafd
tree: 8be3ca307a4a5b0423ca9aadfab0ea4182fc326c /crypto
parent: 03ffe04fa732bddad6c2942ead7b0d818098c8e3
When exec_new_vmspace() decides that current vmspace cannot be reused
on execve(2), it calls vmspace_exec(), which frees the current vmspace. The thread executing an exec syscall gets new vmspace assigned, and old vmspace is freed if only referenced by the current process. The free operation includes pmap_release(), which de-constructs the paging structures used by hardware.

If the calling process is multithreaded, other threads are suspended in the thread_suspend_check(), and need to be unsuspended and run to be able to exit on successful exec. Now, since the old vmspace is destroyed, paging structures are invalid, threads are resumed on the non-existent pmaps (page tables), which leads to triple fault on x86.

To fix, postpone the free of old vmspace until the threads are resumed and exited. To avoid modifications to all image activators all of which use exec_new_vmspace(), memoize the current (old) vmspace in kern_execve(), and notify it about the need to call vmspace_free() with a thread-private flag TDP_EXECVMSPC.

http://bugs.debian.org/743141

Reported by: Ivo De Decker <ivo.dedecker@ugent.be> through secteam
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions
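The trigger the commit message describes is simple to exercise from user space: a process with several runnable threads calls execve(2) from one of them, so the kernel must tear down the other threads after the old vmspace has been (or, after this fix, has not yet been) released. The program below is an added regression check written for this page; it is not FreeBSD code, nor part of this commit. It forks a child, starts a few busy worker threads in the child, and then calls execve() on a target binary from the child's main thread while the workers are still spinning. On an unpatched kernel this is the scenario that faults; on a fixed kernel the exec succeeds and the parent simply observes the target program's exit status. The function and file names (`run_threaded_exec`, `/bin/true`) and the worker count are assumptions of the example; the check requires a POSIX system with pthreads.

```c
/* Added example (not FreeBSD code): user-space check for the
 * multithreaded-execve scenario. A child process starts NWORKERS busy
 * threads and then execve()s a target binary from its main thread, so the
 * kernel has to tear down the running workers during the exec. The parent
 * waits and returns the exec'd program's exit status. Build with -pthread
 * where the libc does not already provide pthreads. */
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NWORKERS 4   /* assumed worker-thread count for the example */

/* Busy loop: the workers must be runnable, not parked in a syscall, when
 * the main thread enters execve(). */
static void *worker(void *arg)
{
    volatile unsigned long *counter = arg;
    for (;;)
        (*counter)++;
    return NULL;
}

/* Runs in the child: spawn the workers, then exec the target.
 * Returns only if execve() itself fails. */
static void child_threads_then_exec(const char *path)
{
    static volatile unsigned long counters[NWORKERS];
    pthread_t tids[NWORKERS];
    char *const argv[] = { (char *)path, NULL };
    char *const envp[] = { NULL };

    for (int i = 0; i < NWORKERS; i++) {
        if (pthread_create(&tids[i], NULL, worker, (void *)&counters[i]) != 0) {
            perror("pthread_create");
            _exit(111);
        }
    }
    usleep(10000);   /* let the workers get scheduled before the exec */

    execve(path, argv, envp);
    perror("execve");
    _exit(112);
}

/* Forks, performs the threaded exec in the child, and returns the exit
 * status of the exec'd program. Returns 111 if thread creation failed,
 * 112 if execve() failed, and -1 on fork/wait failure or if the child
 * was killed by a signal. */
int run_threaded_exec(const char *path)
{
    pid_t pid = fork();
    if (pid < 0) {
        perror("fork");
        return -1;
    }
    if (pid == 0)
        child_threads_then_exec(path);   /* does not return */

    int status;
    if (waitpid(pid, &status, 0) != pid) {
        perror("waitpid");
        return -1;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return -1;
}

int main(void)
{
    int rc = run_threaded_exec("/bin/true");
    printf("threaded execve of /bin/true -> exit status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The check is deliberately run in a forked child so that a kernel that still has the bug takes down only the child (or, on x86, the machine via the triple fault the message describes) rather than the test harness; a healthy kernel yields exit status 0 for `/bin/true` and 1 for `/bin/false`, the target program's own status, which shows that the old vmspace teardown completed after the worker threads had been resumed and exited.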