Initialize result->backing_object_offset before linking result onto the list of
vm objects shadowing source in vm_object_shadow(). This closes a race where vm_object_collapse() could be called with a partially uninitialized object argument, causing symptoms that looked like hardware problems, e.g. signal 6, 10, 11 or a /bin/sh busy-waiting for a nonexistent child process.
parent
794950069f
commit
9174ca7ba3
@ -1216,6 +1216,11 @@ vm_object_shadow(
|
||||
* shadowed object.
|
||||
*/
|
||||
result->backing_object = source;
|
||||
/*
|
||||
* Store the offset into the source object, and fix up the offset into
|
||||
* the new object.
|
||||
*/
|
||||
result->backing_object_offset = *offset;
|
||||
if (source != NULL) {
|
||||
VM_OBJECT_LOCK(source);
|
||||
LIST_INSERT_HEAD(&source->shadow_head, result, shadow_list);
|
||||
@ -1233,11 +1238,6 @@ vm_object_shadow(
|
||||
PQ_L2_MASK;
|
||||
}
|
||||
|
||||
/*
|
||||
* Store the offset into the source object, and fix up the offset into
|
||||
* the new object.
|
||||
*/
|
||||
result->backing_object_offset = *offset;
|
||||
|
||||
/*
|
||||
* Return the new things
|
||||
|
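Review bot: The comment moved above `result->backing_object_offset = *offset;` in the first hunk is carried over unchanged and does not say why the store now has to precede `LIST_INSERT_HEAD(&source->shadow_head, result, shadow_list)`, so a later cleanup could move it back and reopen the race the commit message describes. I would extend it with a line such as `* This must be done before result is linked onto source->shadow_head, since vm_object_collapse() can reach result through that list.` The second half of the existing comment ("fix up the offset into the new object") presumably describes code that stays near "Return the new things" in the second hunk, so splitting the comment may be clearer. The lines between the list insert and the statement ending in `PQ_L2_MASK;` are outside both hunks; if any of them still initialise fields of result after the insert, the same ordering concern applies there. vm_object_shadow()'s body starts and ends outside the hunks.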