From: Martin Pieuchot
Subject: Missing unlock in uvmfault_promote()
To: tech@openbsd.org
Cc: Stuart Henderson
Date: Wed, 1 Jan 2025 11:47:51 +0100

Stuart reported a panic "locking against myself" in the lower fault handler which is almost certainly related to a missing unlock in the recently introduced uvmfault_promote(). Diff below fixes it, ok?

Index: uvm/uvm_fault.c
===================================================================
RCS file: /cvs/src/sys/uvm/uvm_fault.c,v
diff -u -p -r1.158 uvm_fault.c
--- uvm/uvm_fault.c 27 Dec 2024 12:04:40 -0000 1.158
+++ uvm/uvm_fault.c 1 Jan 2025 10:43:40 -0000
@@ -501,9 +501,13 @@ uvmfault_promote(struct uvm_faultinfo *u
 struct vm_page **npg)
 {
 struct vm_amap *amap = ufi->entry->aref.ar_amap;
+ struct uvm_object *uobj = NULL;
 struct vm_anon *anon;
 struct vm_page *pg = NULL;
 
+ if (uobjpage != PGO_DONTCARE)
+ uobj = uobjpage->uobject;
+
 anon = uvm_analloc();
 if (anon) {
 anon->an_lock = amap->am_lock;
@@ -513,7 +517,7 @@ uvmfault_promote(struct uvm_faultinfo *u
 
 /* check for out of RAM */
 if (anon == NULL || pg == NULL) {
- uvmfault_unlockall(ufi, amap, NULL);
+ uvmfault_unlockall(ufi, amap, uobj);
 if (anon == NULL)
 counters_inc(uvmexp_counters, flt_noanon);
 else {
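Review bot: The new `uobj = uobjpage->uobject` lookup at the top of uvmfault_promote() relies on an invariant the hunk does not state: that the object it finds is exactly the one whose lock the caller holds, and that it is NULL when the page being promoted has no owning object. If a caller ever passes a page whose `uobject` is set but whose lock it does not hold, the error path would release a lock the thread does not own, which in a fault handler means a panic reachable under memory pressure. I would add a comment above the test, `/* uobj: object whose lock the caller holds, NULL if uobjpage has no owner object */`, and consider asserting it with `KASSERT(uobj == NULL || rw_write_held(uobj->vmobjlock));`, assuming callers take the object lock exclusively at this point. The function body continues outside the hunk.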
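Review bot: With `uvmfault_unlockall(ufi, amap, uobj)` the out-of-RAM branch now drops the object lock as well, so the failure contract of uvmfault_promote() should be written down: every lock is released before an error is returned and callers must not unlock again. The callers are not visible here, so it is worth confirming that none of them calls uvmfault_unlockall() or touches uobjpage after a failed promote, since a second release would trade the "locking against myself" panic for an unlock of a lock that is no longer held. A line in the function's header comment such as `On failure all locks (maps, amap, uobj) have been released.` would cover it. The branch continues past the end of the hunk.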