hi,

> I think there are two minor race conditions.
> 
> One is between fuswintr/suswintr and pmap_load().
> If pmap_load() is interrupted after "ci->ci_want_pmapload = 0;"
> but before switching cr3 - the functions fuswintr/suswint called in 
> the interrupt can access the wrong address space.
> Just moving the "ci->ci_want_pmapload = 0;" should fix that problem.
> 
> The second is between pmap_reactivate and pmap_tlb_shootdown.
> Example: CPU A reactivates pmap after CPU B checks the active CPUs in 
> pmap_tlb_shootdown
> but before setting  "pmap->pm_weakrefs = 0;"
> I don't think this can be solved without using a lock. (pq_slock?)
> 
> 	Stephan

indeed.  thanks.

YAMAMOTO Takashi