Hi,

1) pr->ps_ru is already NULL, so the code can be shrunk.
2) A timeout_del is missing: we clear the 2 timeouts in struct process, but not in struct proc.
3) ps_mainproc is allocated in thread_new(), passed to process_new(), and then to process_initialize(). ps_mainproc never gets a call to uvm_uarea_free(). So to allow ps_mainproc to be freed when called finally in process_zap(), we move the uvm_uarea_free() code into proc_free().

Is this analysis correct or wrong?
Thanks
Index: kern/kern_exit.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_exit.c,v
retrieving revision 1.184
diff -u -p -u -p -r1.184 kern_exit.c
--- kern/kern_exit.c 28 Feb 2020 17:03:05 -0000 1.184
+++ kern/kern_exit.c 29 Feb 2020 20:29:16 -0000
@@ -172,12 +172,7 @@ exit1(struct proc *p, int xexit, int xsi
 rup = pr->ps_ru;
 if (rup == NULL) {
 rup = pool_get(&rusage_pool, PR_WAITOK | PR_ZERO);
- if (pr->ps_ru == NULL) {
- pr->ps_ru = rup;
- } else {
- pool_put(&rusage_pool, rup);
- rup = pr->ps_ru;
- }
+ pr->ps_ru = rup;
 }
 p->p_siglist = 0;
 if ((p->p_flag & P_THREAD) == 0)
@@ -390,6 +385,14 @@ exit2(struct proc *p)
 void
 proc_free(struct proc *p)
 {
+ timeout_del(&p->p_sleep_to);
+ /*
+ * Free the VM resources we're still holding on to.
+ * We must do this from a valid thread because doing
+ * so may block.
+ */
+ uvm_uarea_free(p);
+ p->p_vmspace = NULL; /* zap the thread's copy */
 crfree(p->p_ucred);
 pool_put(&proc_pool, p);
 nthreads--;
@@ -422,14 +425,6 @@ reaper(void *arg)
 WITNESS_THREAD_EXIT(p);
 KERNEL_LOCK();
-
- /*
- * Free the VM resources we're still holding on to.
- * We must do this from a valid thread because doing
- * so may block.
- */
- uvm_uarea_free(p);
- p->p_vmspace = NULL; /* zap the thread's copy */
 if (p->p_flag & P_THREAD) {
 /* Just a thread */
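Review bot: In the exit1 hunk, `pr->ps_ru = rup;` is now stored unconditionally after `pool_get(&rusage_pool, PR_WAITOK | PR_ZERO)`, and PR_WAITOK means the allocation may sleep. The removed re-check of `pr->ps_ru == NULL` looks like it guarded against another thread of the same process installing its own rusage while this one slept. Without it the store would overwrite that pointer, leaking the earlier allocation and discarding whatever had been accumulated in it. Unless something outside this hunk guarantees that only one thread can be in this branch, keep the re-check, or state the guarantee in a comment such as `/* no other thread can set ps_ru here: <reason> */`. exit1's body starts and ends outside the hunk.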
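Review bot: In the proc_free hunk, the moved comment says this work must run "from a valid thread because doing so may block", but proc_free's callers are not visible here. The patch should confirm that every caller (the description names process_zap()) runs in a context that may sleep. With the matching removal from reaper() in the next hunk, a process's main thread presumably keeps its uarea until the parent waits on it, so unreaped zombies would hold that memory longer than before; that trade-off deserves a sentence in the commit message. `p->p_vmspace = NULL;` just before `pool_put(&proc_pool, p)` has no lasting effect and could be dropped or explained. proc_free's body continues past the end of the hunk.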