Hi,
When calling revoke(2) on a no-tty device, we return ENOTTY without
relaxing the vnode obtained with namei().
Use the error code path instead to call vrele(vp) before returning
ENOTTY.
OK ?
--
Sebastien Marie
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.257
diff -u -p -r1.257 vfs_syscalls.c
--- kern/vfs_syscalls.c 26 Jun 2016 14:27:14 -0000 1.257
+++ kern/vfs_syscalls.c 26 Jun 2016 16:21:29 -0000
@@ -2796,8 +2801,10 @@ sys_revoke(struct proc *p, void *v, regi
return (error);
vp = nd.ni_vp;
if (vp->v_type != VCHR || (u_int)major(vp->v_rdev) >= nchrdev ||
- cdevsw[major(vp->v_rdev)].d_type != D_TTY)
- return (ENOTTY);
+ cdevsw[major(vp->v_rdev)].d_type != D_TTY) {
+ error = ENOTTY;
+ goto out;
+ }
if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p)) != 0)
goto out;
if (p->p_ucred->cr_uid != vattr.va_uid &&
