| commit | 009afa1dc45e8007200fc7dc2b200d0b89b85932 | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Thu, 9 Feb 2017 18:09:43 +0000 (9 10:09 -0800) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Thu, 9 Feb 2017 18:09:43 +0000 (9 10:09 -0800) | ||
| tree | 899dabd666f6ee681d2f4dd7ef60f4bd8b2ad994 | treesnapshot (tar.gz zip) |
| parent | 7ea86e9de9a8e9c3d959614f2b90833b0188e082 | commitdiff |
kernel - Fix vmspace termination race
* Fix a SMP race which can cause a vmspace structure to be double-freed
to its objcache, resulting in corruption.
* Typical panic was a kernel seg fault at 'vm_copyin+2'. What was in fact
happening was that corruption of the vmspace was racing against reuse and
a decrement of the pmap copyin function pointer. This decrement caused
function calls through the pointer to get very confused.
Reported-by: tuxillo
* Fix a SMP race which can cause a vmspace structure to be double-freed
to its objcache, resulting in corruption.
* Typical panic was a kernel seg fault at 'vm_copyin+2'. What was in fact
happening was that corruption of the vmspace was racing against reuse and
a decrement of the pmap copyin function pointer. This decrement caused
function calls through the pointer to get very confused.
Reported-by: tuxillo
| sys/vm/vm_map.c | diffblobblamehistory |