Date: Mon, 8 Jun 2009 13:34:45 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r193714 - head/sys/kern Message-ID: <200906081334.n58DYjKs030726@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Mon Jun 8 13:34:45 2009 New Revision: 193714 URL: http://svn.freebsd.org/changeset/base/193714 Log: Do not dereference vp->v_rdev without holding any of dev_mtx or vnode lock. Use code similar to devfs_fp_check(), but inlined to feet other checks performed by ttyhook_register(). Reviewed by: ed Modified: head/sys/kern/tty.c Modified: head/sys/kern/tty.c ============================================================================== --- head/sys/kern/tty.c Mon Jun 8 13:31:27 2009 (r193713) +++ head/sys/kern/tty.c Mon Jun 8 13:34:45 2009 (r193714) @@ -1742,19 +1742,31 @@ ttyhook_register(struct tty **rtp, struc goto done1; } - /* Make sure the vnode is bound to a character device. */ - error = EINVAL; - if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VCHR || - fp->f_vnode->v_rdev == NULL) + /* + * Make sure the vnode is bound to a character device. + * Unlocked check for the vnode type is ok there, because we + * only shall prevent calling devvn_refthread on the file that + * never has been opened over a character device. + */ + if (fp->f_type != DTYPE_VNODE || fp->f_vnode->v_type != VCHR) { + error = EINVAL; goto done1; - dev = fp->f_vnode->v_rdev; + } /* Make sure it is a TTY. */ - cdp = dev_refthread(dev); - if (cdp == NULL) + cdp = devvn_refthread(fp->f_vnode, &dev); + if (cdp == NULL) { + error = ENXIO; goto done1; - if (cdp != &ttydev_cdevsw) + } + if (dev != fp->f_data) { + error = ENXIO; goto done2; + } + if (cdp != &ttydev_cdevsw) { + error = ENOTTY; + goto done2; + } tp = dev->si_drv1; /* Try to attach the hook to the TTY. */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906081334.n58DYjKs030726>