diff options
| author | dillon <dillon@FreeBSD.org> | 2003-01-13 23:04:32 +0000 |
|---|---|---|
| committer | dillon <dillon@FreeBSD.org> | 2003-01-13 23:04:32 +0000 |
| commit | ce710d36cc14755344115d36e5459a39e385e64d (patch) | |
| tree | 3c875a6ad9627d4125943a71834883e1b354baa5 /sys/kern/kern_exec.c | |
| parent | e08a8297e2779e8d6e2160c041440e8f3908ece8 (diff) | |
| download | FreeBSD-src-ce710d36cc14755344115d36e5459a39e385e64d.zip FreeBSD-src-ce710d36cc14755344115d36e5459a39e385e64d.tar.gz | |
It is possible for an active aio to prevent shared memory from being
dereferenced when a process exits due to the vmspace ref-count being
bumped. Change shmexit() and shmexit_myhook() to take a vmspace instead
of a process and call it in vmspace_dofree(). This way if it is missed
in exit1()'s early-resource-free it will still be caught when the zombie is
reaped.
Also fix a potential race in shmexit_myhook() by NULLing out
vmspace->vm_shm prior to calling shm_delete_mapping() and free().
MFC after: 7 days
Diffstat (limited to 'sys/kern/kern_exec.c')
| -rw-r--r-- | sys/kern/kern_exec.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 543bd6a..0ee36ba 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -864,8 +864,7 @@ exec_new_vmspace(imgp, sv) map = &vmspace->vm_map; if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser && vm_map_max(map) == sv->sv_maxuser) { - if (vmspace->vm_shm) - shmexit(p); + shmexit(vmspace); vm_page_lock_queues(); pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map), vm_map_max(map)); |
