Date: Fri, 15 May 2009 19:23:05 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r192151 - head/sys/fs/devfs
Message-ID: <200905151923.n4FJN50N032201@svn.freebsd.org>
Author: kib Date: Fri May 15 19:23:05 2009 New Revision: 192151 URL: http://svn.freebsd.org/changeset/base/192151 Log: Devfs replaces file ops vector with devfs-specific one in devfs_open(), before the struct file is fully initialized in vn_open(), in particular, fp->f_vnode is NULL. Other thread calling file operation before f_vnode is set results in NULL pointer dereference in devvn_refthread(). Initialize f_vnode before calling d_fdopen() cdevsw method, that might set file ops too. Reported and tested by: Chris Timmons <cwt networks cwu edu> (RELENG_7 version) MFC after: 3 days Modified: head/sys/fs/devfs/devfs_vnops.c Modified: head/sys/fs/devfs/devfs_vnops.c ============================================================================== --- head/sys/fs/devfs/devfs_vnops.c Fri May 15 19:19:27 2009 (r192150) +++ head/sys/fs/devfs/devfs_vnops.c Fri May 15 19:23:05 2009 (r192151) @@ -942,8 +942,10 @@ devfs_open(struct vop_open_args *ap) fpop = td->td_fpop; td->td_fpop = fp; - if (fp != NULL) + if (fp != NULL) { fp->f_data = dev; + fp->f_vnode = vp; + } if (dsw->d_fdopen != NULL) error = dsw->d_fdopen(dev, ap->a_mode, td, fp); else
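Review bot: The new `fp->f_vnode = vp;` in the `if (fp != NULL)` block of devfs_open() carries no comment explaining that it must come before the `dsw->d_fdopen(dev, ap->a_mode, td, fp)` call. The ordering is the whole fix, since the log says d_fdopen() may install file ops that another thread can then invoke. A short comment above the assignment would keep a later cleanup from moving it back after the call or dropping it as redundant with vn_open(). The visible lines also do not show what happens to `fp->f_data` and `fp->f_vnode` when d_fdopen() returns an error. It is worth confirming that the failure path either clears them or never exposes fp with the devfs ops vector set.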