diff options
| author | gallatin <gallatin@FreeBSD.org> | 2003-03-18 18:27:33 +0000 |
|---|---|---|
| committer | gallatin <gallatin@FreeBSD.org> | 2003-03-18 18:27:33 +0000 |
| commit | d18eb82da543041fcb76c4f84e5ce7f514660496 (patch) | |
| tree | 889671decf2d28bb9b98451080a4895537d30cf0 /sys | |
| parent | 45fa1964e92b0578603fd26b621d29ee968caaec (diff) | |
| download | FreeBSD-src-d18eb82da543041fcb76c4f84e5ce7f514660496.zip FreeBSD-src-d18eb82da543041fcb76c4f84e5ce7f514660496.tar.gz | |
Fix a race condition in socow_setup(): The page must be wired before
sf_buf_alloc() is called, as sf_buf_alloc() may sleep. If it does sleep,
the page might be reclaimed before wiring occurs.
Reported by: alc
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/uipc_cow.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sys/kern/uipc_cow.c b/sys/kern/uipc_cow.c index 2258aca..4cded3f 100644 --- a/sys/kern/uipc_cow.c +++ b/sys/kern/uipc_cow.c @@ -129,10 +129,6 @@ socow_setup(struct mbuf *m0, struct uio *uio) } pp = PHYS_TO_VM_PAGE(pa); - sf = sf_buf_alloc(); - sf->m = pp; - pmap_qenter(sf->kva, &pp, 1); - /* * set up COW */ @@ -145,6 +141,13 @@ socow_setup(struct mbuf *m0, struct uio *uio) vm_page_wire(pp); vm_page_unlock_queues(); + /* + * Allocate an sf buf + */ + sf = sf_buf_alloc(); + sf->m = pp; + pmap_qenter(sf->kva, &pp, 1); + /* * attach to mbuf */ |
