Fix a nasty bug that causes random crashes and lockups particularly on

very busy servers (eg: news, web).  This is an interaction between
embryonic processes that have not yet finished forking, and happen to
cause the kernel VM space to grow, hitting the uninitialised variable.

It was possible for this to strike at any time, depending on the size of
your kernel and load patterns.  One machine had paniced occasionally
when cron launches a job since before the 2.1 release.

If you had "options DIAGNOSTIC", you may have seen references to bogus
addresses like 0xdeadc142 and the like.

This is a minimal change to fix the problem, it will probably be done
better by reordering p_vmspace to be in the startzero section, but it
becomes harder to validate then.

It's been vulnerable since pmap.c rev 1.40 (Jan 9, 1995), so it's been a
cause of problems since well before 2.0.5.  This was when the merged
VM/buffer cache and the dynamic growing kernel VM space were first
committed.  This probably fixes a few of PR's.

1 files changed, 6 insertions, 1 deletions

diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c
index 49bd940..2ea502e 100644
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@ -36,7 +36,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)kern_fork.c	8.6 (Berkeley) 4/8/94
- * $Id: kern_fork.c,v 1.2 1996/04/02 05:26:56 kashmir Exp $
+ * $Id: kern_fork.c,v 1.20 1996/04/17 17:04:55 smpatel Exp $
  */
 
 #include "opt_ktrace.h"
@@ -220,6 +220,11 @@ again:
 	    (unsigned) ((caddr_t)&p2->p_endcopy - (caddr_t)&p2->p_startcopy));
 
 	/*
+	 * XXX: this should be done as part of the startzero above
+	 */
+	p2->p_vmspace = 0;		/* XXX */
+
+	/*
 	 * Duplicate sub-structures as needed.
 	 * Increase reference counts on shared objects.
 	 * The p_stats and p_sigacts substructs are set in vm_fork.