Initialize result->backing_object_offset before linking result onto the list of

vm objects shadowing source in vm_object_shadow(). This closes a race where vm_object_collapse() could be called with a partially uninitialized object argument causing symptoms that looked like hardware problems, e.g. signal 6, 10, 11 or a /bin/sh busy-waiting for a nonexistant child process.
author: tegge <tegge@FreeBSD.org> 2004-06-28 20:26:35 +0000
committer: tegge <tegge@FreeBSD.org> 2004-06-28 20:26:35 +0000
commit: 16dc5859f2d4aa081638361152c428cad5042baa (patch)
tree: 85a2c6746bbaf7482eef4e73288842d7b6f22f11 /sys/vm
parent: 61364cc86985fcfada6a818e1b48f59f91793aa2 (diff)
download: FreeBSD-src-16dc5859f2d4aa081638361152c428cad5042baa.zip
FreeBSD-src-16dc5859f2d4aa081638361152c428cad5042baa.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c
index e7b297b..3701737 100644
--- a/sys/vm/vm_object.c
+++ b/sys/vm/vm_object.c
@@ -1216,6 +1216,11 @@ vm_object_shadow(
 	 * shadowed object.
 	 */
 	result->backing_object = source;
+	/*
+	 * Store the offset into the source object, and fix up the offset into
+	 * the new object.
+	 */
+	result->backing_object_offset = *offset;
 	if (source != NULL) {
 		VM_OBJECT_LOCK(source);
 		LIST_INSERT_HEAD(&source->shadow_head, result, shadow_list);
@@ -1233,11 +1238,6 @@ vm_object_shadow(
 		    PQ_L2_MASK;
 	}
 
-	/*
-	 * Store the offset into the source object, and fix up the offset into
-	 * the new object.
-	 */
-	result->backing_object_offset = *offset;
 
 	/*
 	 * Return the new things
author	tegge <tegge@FreeBSD.org>	2004-06-28 20:26:35 +0000
committer	tegge <tegge@FreeBSD.org>	2004-06-28 20:26:35 +0000
commit	16dc5859f2d4aa081638361152c428cad5042baa (patch)
tree	85a2c6746bbaf7482eef4e73288842d7b6f22f11 /sys/vm
parent	61364cc86985fcfada6a818e1b48f59f91793aa2 (diff)
download	FreeBSD-src-16dc5859f2d4aa081638361152c428cad5042baa.zip FreeBSD-src-16dc5859f2d4aa081638361152c428cad5042baa.tar.gz