Don't access fs->first_object after dropping reference to it.

The result could be a missed or extra giant unlock. Reviewed by: alc
author: tegge <tegge@FreeBSD.org> 2005-12-20 12:27:59 +0000
committer: tegge <tegge@FreeBSD.org> 2005-12-20 12:27:59 +0000
commit: 7245d518e8613a91f727a587f0d552cafff8e692 (patch)
tree: 6fa890c7686eeb5632e655a5f73d3fbe5da68b9a /sys/vm
parent: 93da966e65d9c28c83dc43c9f882a9722d19c45e (diff)
download: FreeBSD-src-7245d518e8613a91f727a587f0d552cafff8e692.zip
FreeBSD-src-7245d518e8613a91f727a587f0d552cafff8e692.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c
index e50d4ed..4b7151b 100644
--- a/sys/vm/vm_fault.c
+++ b/sys/vm/vm_fault.c
@@ -152,6 +152,7 @@ unlock_map(struct faultstate *fs)
 static void
 unlock_and_deallocate(struct faultstate *fs)
 {
+	boolean_t firstobjneedgiant;
 
 	vm_object_pip_wakeup(fs->object);
 	VM_OBJECT_UNLOCK(fs->object);
@@ -164,6 +165,7 @@ unlock_and_deallocate(struct faultstate *fs)
 		VM_OBJECT_UNLOCK(fs->first_object);
 		fs->first_m = NULL;
 	}
+	firstobjneedgiant = (fs->first_object->flags & OBJ_NEEDGIANT) != 0;
 	vm_object_deallocate(fs->first_object);
 	unlock_map(fs);	
 	if (fs->vp != NULL) { 
@@ -174,7 +176,7 @@ unlock_and_deallocate(struct faultstate *fs)
 		fs->vp = NULL;
 		VFS_UNLOCK_GIANT(vfslocked);
 	}
-	if (fs->first_object->flags & OBJ_NEEDGIANT)
+	if (firstobjneedgiant)
 		VM_UNLOCK_GIANT();
 }
author	tegge <tegge@FreeBSD.org>	2005-12-20 12:27:59 +0000
committer	tegge <tegge@FreeBSD.org>	2005-12-20 12:27:59 +0000
commit	7245d518e8613a91f727a587f0d552cafff8e692 (patch)
tree	6fa890c7686eeb5632e655a5f73d3fbe5da68b9a /sys/vm
parent	93da966e65d9c28c83dc43c9f882a9722d19c45e (diff)
download	FreeBSD-src-7245d518e8613a91f727a587f0d552cafff8e692.zip FreeBSD-src-7245d518e8613a91f727a587f0d552cafff8e692.tar.gz