Move cpu_set_upcall(newtd, td) up before the first call of

thread_free(newtd). This to avoid a possible page fault in cpu_thread_clean() as seen on amd64 with syscall fuzzing. Reviewed by: kib MFC after: 1 week
2011-12-09 17:19:41 +00:00 · 2011-12-09 17:19:41 +00:00 · cdea31e305
commit cdea31e305
parent 569dd0f3be
1 changed files with 2 additions and 2 deletions
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@ -201,6 +201,8 @@ create_thread(struct thread *td, mcontext_t *ctx,
 		goto fail;
 	}

+	cpu_set_upcall(newtd, td);
+
 	/*
 	 * Try the copyout as soon as we allocate the td so we don't
 	 * have to tear things down in a failure case below.
@ -226,8 +228,6 @@ create_thread(struct thread *td, mcontext_t *ctx,
 	newtd->td_proc = td->td_proc;
 	newtd->td_ucred = crhold(td->td_ucred);

-	cpu_set_upcall(newtd, td);
-
 	if (ctx != NULL) { /* old way to set user context */
 		error = set_mcontext(newtd, ctx);
 		if (error != 0) {