fix(cow): prevent deallocation of untracked frames #80
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The CoW fork implementation was causing kernel panics during signal delivery after child processes terminated. The root cause was that frame_decref() returned true for untracked frames, causing them to be freed even when they might still be in use. The crash occurred at kernel address 0xffffc97ffffffff0 with RSP=0xffffc97fffffffe0, indicating memory corruption in the kernel stack region (PML4[402]). Fix: Change frame_decref() to return false for untracked frames. This causes a small memory leak for child-allocated pages but prevents potential corruption from freeing frames that may still be in use by kernel structures or other processes. The conservative approach is necessary because untracked frames include: 1. Frames allocated by child processes after fork (safe to free) 2. Frames that were never part of CoW sharing (unsafe to free) Since we cannot distinguish between these cases, we leak rather than risk corruption. Further investigation is needed to properly track all frames that are safe to deallocate. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
frame_decref()to returnfalsefor untracked frames, preventing unsafe deallocationRoot Cause
The CoW fork implementation (PR #79) introduced a bug where
frame_decref()returnedtruefor frames not tracked in the CoW metadata. This caused untracked frames to be freed and potentially reused while still in use by kernel structures, leading to memory corruption.Fix
Conservative approach: refuse to deallocate untracked frames. This causes a small memory leak for child-allocated pages but prevents corruption. A more complete fix would properly track which frames are safe to deallocate.
Test plan
🤖 Generated with Claude Code