From 07fc5999211dc399d7d9d071670a9a4c3fa8418a Mon Sep 17 00:00:00 2001
From: alc <alc@FreeBSD.org>
Date: Tue, 12 Mar 2013 06:14:31 +0000
Subject: When transferring the page from one object to another, don't insert
 the page into its new object until the page's pindex has been updated.
 Otherwise, one code path within vm_radix_insert() may use the wrong pindex
 value.

Sponsored by:	EMC / Isilon Storage Division
---
 sys/vm/vm_page.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sys/vm')

diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
index c47414a..16fe378 100644
--- a/sys/vm/vm_page.c
+++ b/sys/vm/vm_page.c
@@ -1110,10 +1110,10 @@ vm_page_cache_transfer(vm_object_t orig_object, vm_pindex_t offidxstart,
 		if ((m->pindex - offidxstart) >= new_object->size)
 			break;
 		vm_radix_remove(&orig_object->cache, m->pindex);
-		vm_radix_insert(&new_object->cache, m->pindex - offidxstart, m);
 		/* Update the page's object and offset. */
 		m->object = new_object;
 		m->pindex -= offidxstart;
+		vm_radix_insert(&new_object->cache, m->pindex, m);
 	}
 	mtx_unlock(&vm_page_queue_free_mtx);
 }
-- 
cgit v1.1