From 9d494b34e44c5bbfd2bfa5f9cdac3e0353e38838 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Sun, 20 Nov 2011 11:19:32 -0800
Subject: [PATCH] kernel - Fix vm_object token deadlock (3)

* Fix bug in this commit sequence, m->object is NULL'd out after the free so we have to save a copy to drop.
Reported-by: marino
---
 sys/vm/vm_page.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
index 11d8678fa9..28a59fd040 100644
--- a/sys/vm/vm_page.c
+++ b/sys/vm/vm_page.c
@@ -1486,6 +1486,7 @@ vm_page_alloc(vm_object_t object, vm_pindex_t pindex, int page_req)
 #ifdef SMP
 globaldata_t gd = mycpu;
 #endif
+ vm_object_t obj;
 vm_page_t m;
 u_short pg_color;
@@ -1578,11 +1579,12 @@ loop:
 if (m != NULL) {
 KASSERT(m->dirty == 0,
 ("Found dirty cache page %p", m));
- if (m->object) {
- if (vm_object_hold_try(m->object)) {
+ if ((obj = m->object) != NULL) {
+ if (vm_object_hold_try(obj)) {
 vm_page_protect(m, VM_PROT_NONE);
 vm_page_free(m);
- vm_object_drop(m->object);
+ /* m->object NULL here */
+ vm_object_drop(obj);
 } else {
 vm_page_deactivate(m);
 vm_page_wakeup(m);
-- 
2.41.0
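Review bot: The new comment `/* m->object NULL here */` in the second hunk records the symptom but not the rule a later editor needs: after `vm_page_free(m)` returns, the page has presumably gone back to the free queue, so `m` should not be dereferenced at all, and that is why the object pointer is cached in `obj`. I would reword it along the lines of `/* m must not be touched after vm_page_free(); drop the obj saved above */`. A one-line comment above `if ((obj = m->object) != NULL)` should also say what keeps `obj` valid between the load and `vm_object_hold_try(obj)`; the `vm_page_wakeup(m)` in the else branch suggests the page is busied here, but the hunk does not show that. vm_page_alloc() begins and ends outside both hunks, so this rests on the visible lines only.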