From db1a200eeac01dc676ec11d89f7355a2d54f9bf9 Mon Sep 17 00:00:00 2001
From: Max Wash
Date: Wed, 1 Apr 2026 18:19:23 +0100
Subject: [PATCH] vm: object: fix vm_object_cleanup referencing a vmo controller after the pointer is erased

---
 vm/vm-object.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/vm/vm-object.c b/vm/vm-object.c
index d720c3c..84b08d2 100644
--- a/vm/vm-object.c
+++ b/vm/vm-object.c
@@ -31,9 +31,10 @@ static kern_status_t vm_object_cleanup(struct object *obj)
 	if (vmo->vo_ctrl) {
 		unsigned long flags;
-		vm_controller_lock_irqsave(vmo->vo_ctrl, &flags);
+		struct vm_controller *ctrl = vmo->vo_ctrl;
+		vm_controller_lock_irqsave(ctrl, &flags);
 		vm_controller_detach_object(vmo->vo_ctrl, vmo);
-		vm_controller_unlock_irqrestore(vmo->vo_ctrl, flags);
+		vm_controller_unlock_irqrestore(ctrl, flags);
 	}
 	return KERN_OK;