From ce710d36cc14755344115d36e5459a39e385e64d Mon Sep 17 00:00:00 2001 From: dillon Date: Mon, 13 Jan 2003 23:04:32 +0000 Subject: It is possible for an active aio to prevent shared memory from being dereferenced when a process exits due to the vmspace ref-count being bumped. Change shmexit() and shmexit_myhook() to take a vmspace instead of a process and call it in vmspace_dofree(). This way if it is missed in exit1()'s early-resource-free it will still be caught when the zombie is reaped. Also fix a potential race in shmexit_myhook() by NULLing out vmspace->vm_shm prior to calling shm_delete_mapping() and free(). MFC after: 7 days --- sys/kern/kern_exec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'sys/kern/kern_exec.c') diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 543bd6a..0ee36ba 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -864,8 +864,7 @@ exec_new_vmspace(imgp, sv) map = &vmspace->vm_map; if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser && vm_map_max(map) == sv->sv_maxuser) { - if (vmspace->vm_shm) - shmexit(p); + shmexit(vmspace); vm_page_lock_queues(); pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map), vm_map_max(map)); -- cgit v1.1