Move cpu_set_upcall(newtd, td) up before the first call of

thread_free(newtd). This to avoid a possible page fault in cpu_thread_clean() as seen on amd64 with syscall fuzzing. Reviewed by: kib MFC after: 1 week
author: pho <pho@FreeBSD.org> 2011-12-09 17:19:41 +0000
committer: pho <pho@FreeBSD.org> 2011-12-09 17:19:41 +0000
commit: 109ecfbeb1319e392b9ab944c5dd245ffff25bd2 (patch)
tree: 42cf11814173a287d36cf2ba3f4fa0479b71be1d /sys/kern/kern_thr.c
parent: a274e72947d9b0f3729b2d06c42826a43ec46097 (diff)
download: FreeBSD-src-109ecfbeb1319e392b9ab944c5dd245ffff25bd2.zip
FreeBSD-src-109ecfbeb1319e392b9ab944c5dd245ffff25bd2.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c
index 5bcef04..24c6cfd 100644
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@@ -201,6 +201,8 @@ create_thread(struct thread *td, mcontext_t *ctx,
 		goto fail;
 	}
 
+	cpu_set_upcall(newtd, td);
+
 	/*
 	 * Try the copyout as soon as we allocate the td so we don't
 	 * have to tear things down in a failure case below.
@@ -226,8 +228,6 @@ create_thread(struct thread *td, mcontext_t *ctx,
 	newtd->td_proc = td->td_proc;
 	newtd->td_ucred = crhold(td->td_ucred);
 
-	cpu_set_upcall(newtd, td);
-
 	if (ctx != NULL) { /* old way to set user context */
 		error = set_mcontext(newtd, ctx);
 		if (error != 0) {
author	pho <pho@FreeBSD.org>	2011-12-09 17:19:41 +0000
committer	pho <pho@FreeBSD.org>	2011-12-09 17:19:41 +0000
commit	109ecfbeb1319e392b9ab944c5dd245ffff25bd2 (patch)
tree	42cf11814173a287d36cf2ba3f4fa0479b71be1d /sys/kern/kern_thr.c
parent	a274e72947d9b0f3729b2d06c42826a43ec46097 (diff)
download	FreeBSD-src-109ecfbeb1319e392b9ab944c5dd245ffff25bd2.zip FreeBSD-src-109ecfbeb1319e392b9ab944c5dd245ffff25bd2.tar.gz