vm: object: fix vm_object_cleanup referencing a vmo controller after the pointer is erased

2026-04-01 18:19:23 +01:00
parent f45b759a4c
commit db1a200eea
1 changed files with 3 additions and 2 deletions
@@ -31,9 +31,10 @@ static kern_status_t vm_object_cleanup(struct object *obj)

 	if (vmo->vo_ctrl) {
 		unsigned long flags;
-		vm_controller_lock_irqsave(vmo->vo_ctrl, &flags);
+		struct vm_controller *ctrl = vmo->vo_ctrl;
+		vm_controller_lock_irqsave(ctrl, &flags);
 		vm_controller_detach_object(vmo->vo_ctrl, vmo);
-		vm_controller_unlock_irqrestore(vmo->vo_ctrl, flags);
+		vm_controller_unlock_irqrestore(ctrl, flags);
 	}

 	return KERN_OK;