From a5b7fde7222ddaf6a84d43615f1640eaf1da1db5 Mon Sep 17 00:00:00 2001
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Sun, 9 Oct 2005 02:37:27 +0000
Subject: [PATCH] Lock object while we iterate through it's backing objects.

Discussed with:	alc
---
 sys/security/mac/mac_process.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 67bda6fa7742..9b72cbd5cc04 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -327,7 +327,7 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
 	struct vm_map_entry *vme;
 	int vfslocked, result;
 	vm_prot_t revokeperms;
-	vm_object_t object;
+	vm_object_t backing_object, object;
 	vm_ooffset_t offset;
 	struct vnode *vp;
 
@@ -354,13 +354,14 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
 		object = vme->object.vm_object;
 		if (object == NULL)
 			continue;
-		/* XXXCSJP We need to lock the object before walking
-		 * the backing object list.
-		 */
-		while (object->backing_object != NULL) {
+		VM_OBJECT_LOCK(object);
+		while ((backing_object = object->backing_object) != NULL) {
+			VM_OBJECT_LOCK(backing_object);
 			offset += object->backing_object_offset;
-			object = object->backing_object;
+			VM_OBJECT_UNLOCK(object);
+			object = backing_object;
 		}
+		VM_OBJECT_UNLOCK(object);
 		/*
 		 * At the moment, vm_maps and objects aren't considered
 		 * by the MAC system, so only things with backing by a