Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Nov 2011 18:55:18 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r227062 - head/sys/fs/devfs
Message-ID:  <201111031855.pA3ItInA082536@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Thu Nov  3 18:55:18 2011
New Revision: 227062
URL: http://svn.freebsd.org/changeset/base/227062

Log:
  Fix kernel panic when d_fdopen csw method is called for NULL fp.
  This may happen when kernel consumer calls VOP_OPEN().
  
  Reported by:	Tavis Ormandy <taviso  cmpxchg8b com> through delphij
  MFC after:	3 days

Modified:
  head/sys/fs/devfs/devfs_vnops.c

Modified: head/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- head/sys/fs/devfs/devfs_vnops.c	Thu Nov  3 18:33:30 2011	(r227061)
+++ head/sys/fs/devfs/devfs_vnops.c	Thu Nov  3 18:55:18 2011	(r227062)
@@ -1050,6 +1050,10 @@ devfs_open(struct vop_open_args *ap)
 	dsw = dev_refthread(dev, &ref);
 	if (dsw == NULL)
 		return (ENXIO);
+	if (fp == NULL && dsw->d_fdopen != NULL) {
+		dev_relthread(dev, ref);
+		return (ENXIO);
+	}
 
 	vlocked = VOP_ISLOCKED(vp);
 	VOP_UNLOCK(vp, 0);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111031855.pA3ItInA082536>