From 223de44c93659457e05036dec25b0af610a773a6 Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Fri, 18 Nov 2022 10:04:58 -0800
Subject: [PATCH] vmm devmem_mmap_single: Bump object reference under memsegs lock.

Reported by: markj
Reviewed by: corvink, markj
Differential Revision: https://reviews.freebsd.org/D37273
---
 sys/amd64/vmm/vmm_dev.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/sys/amd64/vmm/vmm_dev.c b/sys/amd64/vmm/vmm_dev.c
index 1b8b1e6d388..a7c12da6870 100644
--- a/sys/amd64/vmm/vmm_dev.c
+++ b/sys/amd64/vmm/vmm_dev.c
@@ -1262,15 +1262,13 @@ devmem_mmap_single(struct cdev *cdev, vm_ooffset_t *offset, vm_size_t len,
 KASSERT(error == 0 && !sysmem && *objp != NULL, ("%s: invalid devmem segment %d", __func__, dsc->segid));
+ if (seglen >= last)
+ vm_object_reference(*objp);
+ else
+ error = EINVAL;
 vm_unlock_memsegs(dsc->sc->vm);
-
- if (seglen >= last) {
- vm_object_reference(*objp);
- return (0);
- } else {
- return (EINVAL);
- }
+ return (error);
 }
 static struct cdevsw devmemsw = {
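Review bot: Nothing in the added lines records why `vm_object_reference(*objp)` has to run before `vm_unlock_memsegs(dsc->sc->vm)`, so a later cleanup could move it back below the unlock and, presumably, reopen the window in which the object is touched without a reference once the lock is dropped. A short comment above the new `if (seglen >= last)` would pin the ordering down, e.g. `/* Take the reference while the memsegs lock is still held; nothing visible here keeps *objp alive after vm_unlock_memsegs(). */`. Separately, the `error = EINVAL` branch still leaves `*objp` pointing at an object this function holds no reference on; adding `*objp = NULL;` there would be cheap hardening if callers are not guaranteed to ignore the pointer on failure, which this hunk does not show. The body of devmem_mmap_single begins outside the hunk.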