Instead of incrementing `f_count' directly, we'll use the reference that will be returned by fd_getfile(9). For that, call FREF(9) earlier.
ok?
Index: kern/kern_descrip.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_descrip.c,v
retrieving revision 1.147
diff -u -p -r1.147 kern_descrip.c
--- kern/kern_descrip.c 9 Apr 2018 13:59:03 -0000 1.147
+++ kern/kern_descrip.c 10 Apr 2018 10:53:33 -0000
@@ -1297,22 +1297,26 @@ dupfdopen(struct proc *p, int indx, int
 */
 if ((wfp = fd_getfile(fdp, dupfd)) == NULL)
 return (EBADF);
+ FREF(wfp);
 /*
 * Check that the mode the file is being opened for is a
 * subset of the mode of the existing descriptor.
 */
- if (((mode & (FREAD|FWRITE)) | wfp->f_flag) != wfp->f_flag)
+ if (((mode & (FREAD|FWRITE)) | wfp->f_flag) != wfp->f_flag) {
+ FRELE(wfp, p);
 return (EACCES);
- if (wfp->f_count == LONG_MAX-2)
+ }
+ if (wfp->f_count == LONG_MAX-2) {
+ FRELE(wfp, p);
 return (EDEADLK);
+ }
 fdp->fd_ofiles[indx] = wfp;
 fdp->fd_ofileflags[indx] = (fdp->fd_ofileflags[indx] & UF_EXCLOSE) |
 (fdp->fd_ofileflags[dupfd] & ~UF_EXCLOSE);
 if (ISSET(p->p_p->ps_flags, PS_PLEDGE))
 fdp->fd_ofileflags[indx] |= UF_PLEDGED;
- wfp->f_count++;
 fd_used(fdp, indx);
 return (0);
 }
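Review bot: The `wfp->f_count == LONG_MAX-2` guard now runs after `FREF(wfp)`, which (judging by the removed `wfp->f_count++`) has presumably already bumped the count, so the limit is compared against the post-increment value and the effective threshold shifts by one. Because it is an equality test, a count that is already past that value would no longer return EDEADLK; a range test such as `if (wfp->f_count >= LONG_MAX-2) {` keeps the reference-count overflow guard robust wherever the reference is taken. A short comment above the check, e.g. `/* f_count already includes the reference taken by FREF() above */`, would make the ordering explicit for the next reader. dupfdopen() begins above the hunk, so the locking around fd_getfile() and the descriptor table cannot be judged from here.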