move uao_reference() call before uvm_map()

other uses in the kernel do this as uvm_map() may sleep and the segment
may be deallocated while sleeping without a reference

kettenis notes that shouldn't happen here due to a obj reference from an
earlier i915_gem_object_lookup() call

ok visa@ kettenis@

diff --git a/sys/dev/pci/drm/i915/gem/i915_gem_mman.c b/sys/dev/pci/drm/i915/gem/i915_gem_mman.c
index dda2f13..e9d978d 100644 (file)
--- a/sys/dev/pci/drm/i915/gem/i915_gem_mman.c
+++ b/sys/dev/pci/drm/i915/gem/i915_gem_mman.c
@@ -139,12 +139,13 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
        i915_gem_object_put(obj);
 #else
        addr = 0;
+       uao_reference(obj->base.uao);
        ret = -uvm_map(&curproc->p_vmspace->vm_map, &addr, size,
            obj->base.uao, args->offset, 0, UVM_MAPFLAG(PROT_READ | PROT_WRITE,
            PROT_READ | PROT_WRITE, MAP_INHERIT_SHARE, MADV_RANDOM,
            (args->flags & I915_MMAP_WC) ? UVM_FLAG_WC : 0));
-       if (ret == 0)
-               uao_reference(obj->base.uao);
+       if (ret != 0)
+               uao_detach(obj->base.uao);
        i915_gem_object_put(obj);
        if (ret)
                return ret;