From 00d8ec3ead162c25ed1631734632b16475359dfd Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sat, 8 Feb 2020 12:54:06 +0100
Subject: [PATCH] Kernel: The inode fault handler should grab the VMObject lock
 earlier

It doesn't look healthy to create raw references into an array before
a temporary unlock. In fact, that temporary unlock looks generally
unhealthy, but it's a different problem.
---
 Kernel/VM/Region.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Kernel/VM/Region.cpp b/Kernel/VM/Region.cpp
index 86a567dd76..ab0f7da74b 100644
--- a/Kernel/VM/Region.cpp
+++ b/Kernel/VM/Region.cpp
@@ -433,13 +433,14 @@ PageFaultResponse Region::handle_inode_fault(size_t page_index_in_region)
 {
     ASSERT_INTERRUPTS_DISABLED();
     ASSERT(vmobject().is_inode());
-    auto& inode_vmobject = static_cast<InodeVMObject&>(vmobject());
-    auto& vmobject_physical_page_entry = inode_vmobject.physical_pages()[first_page_index() + page_index_in_region];
 
     sti();
     LOCKER(vmobject().m_paging_lock);
     cli();
 
+    auto& inode_vmobject = static_cast<InodeVMObject&>(vmobject());
+    auto& vmobject_physical_page_entry = inode_vmobject.physical_pages()[first_page_index() + page_index_in_region];
+
 #ifdef PAGE_FAULT_DEBUG
     dbg() << "Inode fault in " << name() << " page index: " << page_index_in_region;
 #endif