From 3caf6b8870a1a29315c6a32d82c54a32169af0fb Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Thu, 9 Jun 2011 13:28:08 -0700 Subject: [PATCH] kernel - Fix a 'vm_page_unhold: hold count < 0' panic in kern_execve() * imgp->firstpage is preloaded with lwbuf storage but we failed to NULL it out on error, causing the code to later attempt to release a bogus lwbuf. * Fixes a hold count panic on random vm_page's. --- sys/kern/kern_exec.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 3effc92..fdc83cc 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -670,6 +670,12 @@ exec_map_page(struct image_params *imgp, vm_pindex_t pageno, return (0); } +/* + * Map the first page of an executable image. + * + * NOTE: If the mapping fails we have to NULL-out firstpage which may + * still be pointing to our supplied lwp structure. + */ int exec_map_first_page(struct image_params *imgp) { @@ -681,8 +687,10 @@ exec_map_first_page(struct image_params *imgp) imgp->firstpage = &imgp->firstpage_cache; err = exec_map_page(imgp, 0, &imgp->firstpage, &imgp->image_header); - if (err) + if (err) { + imgp->firstpage = NULL; return err; + } return 0; } -- 1.7.7.2