From 6ed1ccd21ea012ffb37d8c8d47e87b5f90979fc8 Mon Sep 17 00:00:00 2001 From: Gleb Koval Date: Fri, 8 Nov 2024 10:50:10 +0000 Subject: [PATCH] Fix process_result locking by acquiring in process_wait as well to prevent freeing memory too early --- src/threads/thread.c | 1 + src/threads/thread.h | 7 ++++--- src/userprog/process.c | 27 +++++++++++++++++++++++---- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/src/threads/thread.c b/src/threads/thread.c index aecafdf..379894d 100644 --- a/src/threads/thread.c +++ b/src/threads/thread.c @@ -647,6 +647,7 @@ init_process_result (struct thread *t) struct process_result *result = malloc (sizeof (struct process_result)); result->tid = t->tid; result->exit_status = t->exit_status; + lock_init (&result->lock); sema_init (&result->sema, 0); t->result = result; } diff --git a/src/threads/thread.h b/src/threads/thread.h index f6227f5..2947256 100644 --- a/src/threads/thread.h +++ b/src/threads/thread.h @@ -34,9 +34,10 @@ typedef int tid_t; /* A process result, synchronised between parent and child. */ struct process_result { - tid_t tid; /* The tid of the child process. */ - int exit_status; /* The exit status of the child process. Initially set to - -1, then to exit_status when child dies. */ + tid_t tid; /* The tid of the child process. */ + int exit_status; /* The exit status of the child process. Initially set + to -1, then to exit_status when child dies. */ + struct lock lock; /* Lock the exit_status and sema. */ struct semaphore sema; /* Semaphore to signal the parent that the exit_status has been set. */ struct list_elem elem; /* List element for the parent's children list. */ diff --git a/src/userprog/process.c b/src/userprog/process.c index 1db334a..370a216 100644 --- a/src/userprog/process.c +++ b/src/userprog/process.c @@ -224,11 +224,16 @@ process_wait (tid_t child_tid UNUSED) return -1; /* Wait for child to die. */ sema_down (&child_result->sema); + /* We need lock release in process_exit, so we need to acquire (and possibly + wait) for it here to ensure we don't free the lock memory before it is + released in process_exit. */ + lock_acquire (&child_result->lock); /* To prevent waiting for child twice, remove it from the list. No need to use lock since this is the only thread with access to the struct process_result now. */ list_remove (&child_result->elem); int exit_status = child_result->exit_status; + lock_release (&child_result->lock); free (child_result); return exit_status; } @@ -245,14 +250,21 @@ process_exit (void) /* Update process result. */ if (cur->result != NULL) { + lock_acquire (&cur->result->lock); cur->result->exit_status = cur->exit_status; /* Parent has died, child has to free the struct process_result * */ if (sema_try_down (&cur->result->sema)) - free (cur->result); + { + lock_release (&cur->result->lock); + free (cur->result); + } /* Parent is still alive and will be the one to free the struct process_result *, and may be waiting so call sema_up */ else - sema_up (&cur->result->sema); + { + sema_up (&cur->result->sema); + lock_release (&cur->result->lock); + } } struct list_elem *e; @@ -261,12 +273,19 @@ process_exit (void) { struct process_result *result = list_entry (e, struct process_result, elem); + lock_acquire (&result->lock); /* Child has died (and was not waited for). Free the result. */ if (sema_try_down (&result->sema)) - free (result); + { + lock_release (&result->lock); + free (result); + } /* Child is still alive, signal via sema that parent has died. */ else - sema_up (&result->sema); + { + sema_up (&result->sema); + lock_release (&result->lock); + } } /* Destroy the current process's page directory and switch back