From 5abb3d76c581c253556b2d9da090f7df2080107f Mon Sep 17 00:00:00 2001
From: Shawn Webb <shawn.webb@hardenedbsd.org>
Date: Tue, 20 Dec 2016 19:15:40 -0500
Subject: [PATCH] HBSD SEGVGUARD: Check if SEGVGUARD is active before doing any
 work

Simply move the check if SEGVGUARD is active to the top of the functions
that utilize the check. No need to waste CPU cycles if SEGVGUARD isn't
active.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
MFC-to:		10-STABLE
MFC-to:		11-STABLE
(cherry picked from commit 94ec671827b6e75e180324424847c6210c3ffaca)
---
 sys/hardenedbsd/hbsd_pax_segvguard.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/hardenedbsd/hbsd_pax_segvguard.c b/sys/hardenedbsd/hbsd_pax_segvguard.c
index 0a21f628102..5946a239028 100644
--- a/sys/hardenedbsd/hbsd_pax_segvguard.c
+++ b/sys/hardenedbsd/hbsd_pax_segvguard.c
@@ -444,15 +444,15 @@ pax_segvguard_segfault(struct thread *td, const char *name)
 	struct vnode *v;
 	sbintime_t sbt;
 
+	if (pax_segvguard_active(td->td_proc) == false)
+		return (0);
+
 	v = td->td_proc->p_textvp;
 	if (v == NULL)
 		return (EFAULT);
 
 	pr = pax_get_prison_td(td);
 
-	if (pax_segvguard_active(td->td_proc) == false)
-		return (0);
-
 	sbt = sbinuptime();
 
 	se = pax_segvguard_lookup(td, v);
@@ -495,12 +495,12 @@ pax_segvguard_check(struct thread *td, struct vnode *v, const char *name)
 	struct pax_segvguard_entry *se;
 	sbintime_t sbt;
 
-	if (v == NULL)
-		return (EFAULT);
-
 	if (pax_segvguard_active(td->td_proc) == false)
 		return (0);
 
+	if (v == NULL)
+		return (EFAULT);
+
 	sbt = sbinuptime();
 
 	se = pax_segvguard_lookup(td, v);