Index: i386/ibcs2/imgact_coff.c
===================================================================
RCS file: /home/ncvs/src/sys/i386/ibcs2/imgact_coff.c,v
retrieving revision 1.38
diff -u -u -6 -7 -r1.38 imgact_coff.c
--- imgact_coff.c	1999/10/29 18:08:39	1.38
+++ imgact_coff.c	1999/11/14 17:18:56
@@ -150,134 +150,136 @@
 static int
 coff_load_file(struct proc *p, char *name)
 {
   	struct vmspace *vmspace = p->p_vmspace;
   	int error;
   	struct nameidata nd;
   	struct vnode *vp;
   	struct vattr attr;
   	struct filehdr *fhdr;
   	struct aouthdr *ahdr;
   	struct scnhdr *scns;
   	char *ptr = 0;
   	int nscns;
   	unsigned long text_offset = 0, text_address = 0, text_size = 0;
   	unsigned long data_offset = 0, data_address = 0, data_size = 0;
   	unsigned long bss_size = 0;
   	int i;
 
 	/* XXX use of 'curproc' should be 'p'?*/
 	NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME, UIO_SYSSPACE, name, curproc);
 
   	error = namei(&nd);
   	if (error)
     		return error;
 
   	vp = nd.ni_vp;
   	if (vp == NULL)
     		return ENOEXEC;
 
   	if (vp->v_writecount) {
     		error = ETXTBSY;
     		goto fail;
   	}
 
   	if ((error = VOP_GETATTR(vp, &attr, p->p_ucred, p)) != 0)
     		goto fail;
 
   	if ((vp->v_mount->mnt_flag & MNT_NOEXEC)
 	    || ((attr.va_mode & 0111) == 0)
 	    || (attr.va_type != VREG))
     		goto fail;
 
   	if (attr.va_size == 0) {
     		error = ENOEXEC;
     		goto fail;
   	}
 
   	if ((error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p)) != 0)
     		goto fail;
 
   	if ((error = VOP_OPEN(vp, FREAD, p->p_ucred, p)) != 0)
     		goto fail;
 
 	/*
 	 * Lose the lock on the vnode. It's no longer needed, and must not
 	 * exist for the pagefault paging to work below.
 	 */
 	VOP_UNLOCK(vp, 0, p);
 
   	if ((error = vm_mmap(kernel_map,
 			    (vm_offset_t *) &ptr,
 			    PAGE_SIZE,
 			    VM_PROT_READ,
 		       	    VM_PROT_READ,
 			    0,
 			    (caddr_t) vp,
 			    0)) != 0)
-    	goto fail;
+		goto unlocked_fail;
 
   	fhdr = (struct filehdr *)ptr;
 
   	if (fhdr->f_magic != I386_COFF) {
     		error = ENOEXEC;
     		goto dealloc_and_fail;
   	}
 
   	nscns = fhdr->f_nscns;
 
   	if ((nscns * sizeof(struct scnhdr)) > PAGE_SIZE) {
     		/*
      		 * XXX -- just fail.  I'm so lazy.
      		 */
     		error = ENOEXEC;
     		goto dealloc_and_fail;
   	}
 
   	ahdr = (struct aouthdr*)(ptr + sizeof(struct filehdr));
 
   	scns = (struct scnhdr*)(ptr + sizeof(struct filehdr)
 			  + sizeof(struct aouthdr));
 
   	for (i = 0; i < nscns; i++) {
     		if (scns[i].s_flags & STYP_NOLOAD)
       			continue;
     		else if (scns[i].s_flags & STYP_TEXT) {
       			text_address = scns[i].s_vaddr;
       			text_size = scns[i].s_size;
       			text_offset = scns[i].s_scnptr;
     		}
 		else if (scns[i].s_flags & STYP_DATA) {
       			data_address = scns[i].s_vaddr;
       			data_size = scns[i].s_size;
       			data_offset = scns[i].s_scnptr;
     		} else if (scns[i].s_flags & STYP_BSS) {
       			bss_size = scns[i].s_size;
     		}
   	}
 
   	if ((error = load_coff_section(vmspace, vp, text_offset,
 				      (caddr_t)(void *)(uintptr_t)text_address,
 				      text_size, text_size,
 				      VM_PROT_READ | VM_PROT_EXECUTE)) != 0) {
     		goto dealloc_and_fail;
   	}
   	if ((error = load_coff_section(vmspace, vp, data_offset,
 				      (caddr_t)(void *)(uintptr_t)data_address,
 				      data_size + bss_size, data_size,
 				      VM_PROT_ALL)) != 0) {
     		goto dealloc_and_fail;
   	}
 
   	error = 0;
 
- 	dealloc_and_fail:
+ dealloc_and_fail:
 	if (vm_map_remove(kernel_map,
 			  (vm_offset_t) ptr,
 			  (vm_offset_t) ptr + PAGE_SIZE))
     		panic(__FUNCTION__ " vm_map_remove failed");
 
  fail:
-    vput(nd.ni_vp);
+	VOP_UNLOCK(vp, 0, p);
+ unlocked_fail:
+	vrele(nd.ni_vp);
 	zfree(namei_zone, nd.ni_cnd.cn_pnbuf);
   	return error;
 }