Author: kib
Date: Thu Nov 3 18:55:18 2011
New Revision: 227062
URL: http://svn.freebsd.org/changeset/base/227062
Log:
Fix kernel panic when d_fdopen csw method is called for NULL fp.
This may happen when kernel consumer calls VOP_OPEN().
Reported by: Tavis Ormandy <taviso cmpxchg8b com> through delphij
MFC after: 3 days
Modified:
head/sys/fs/devfs/devfs_vnops.c
Modified: head/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- head/sys/fs/devfs/devfs_vnops.c Thu Nov 3 18:33:30 2011
(r227061)
+++ head/sys/fs/devfs/devfs_vnops.c Thu Nov 3 18:55:18 2011
(r227062)
@@ -1050,6 +1050,10 @@ devfs_open(struct vop_open_args *ap)
dsw = dev_refthread(dev, &ref);
if (dsw == NULL)
return (ENXIO);
+ if (fp == NULL && dsw->d_fdopen != NULL) {
+ dev_relthread(dev, ref);
+ return (ENXIO);
+ }
vlocked = VOP_ISLOCKED(vp);
VOP_UNLOCK(vp, 0);
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
