From fa4ea5d2f2c4f2808206b802fa09b5ee6ffb7631 Mon Sep 17 00:00:00 2001
From: alc <alc@FreeBSD.org>
Date: Mon, 10 Nov 2003 01:37:40 +0000
Subject:  - The Open Group Base Specifications Issue 6 specifies that an
 munmap(2)    must return EINVAL if size is zero.  Submitted by: tegge  - In
 order to avoid a race condition in multithreaded applications, the    check
 and removal operations by munmap(2) must be in the same critical    section. 
 To accomodate this, vm_map_check_protection() is modified to    require its
 caller to obtain at least a read lock on the map.

---
 sys/vm/vm_glue.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sys/vm/vm_glue.c')

diff --git a/sys/vm/vm_glue.c b/sys/vm/vm_glue.c
index 6e2872f..2dda5f8 100644
--- a/sys/vm/vm_glue.c
+++ b/sys/vm/vm_glue.c
@@ -144,7 +144,9 @@ kernacc(addr, len, rw)
 	prot = rw;
 	saddr = trunc_page((vm_offset_t)addr);
 	eaddr = round_page((vm_offset_t)addr + len);
+	vm_map_lock_read(kernel_map);
 	rv = vm_map_check_protection(kernel_map, saddr, eaddr, prot);
+	vm_map_unlock_read(kernel_map);
 	return (rv == TRUE);
 }
 
@@ -174,8 +176,10 @@ useracc(addr, len, rw)
 	    (vm_offset_t)addr + len < (vm_offset_t)addr) {
 		return (FALSE);
 	}
+	vm_map_lock_read(map);
 	rv = vm_map_check_protection(map, trunc_page((vm_offset_t)addr),
 	    round_page((vm_offset_t)addr + len), prot);
+	vm_map_unlock_read(map);
 	return (rv == TRUE);
 }
 
-- 
cgit v1.1