svn commit: r192151 - head/sys/fs/devfs
Konstantin Belousov
kib at FreeBSD.org
Fri May 15 19:23:06 UTC 2009
Author: kib
Date: Fri May 15 19:23:05 2009
New Revision: 192151
URL: http://svn.freebsd.org/changeset/base/192151
Log:
Devfs replaces file ops vector with devfs-specific one in devfs_open(),
before the struct file is fully initialized in vn_open(), in particular,
fp->f_vnode is NULL. Other thread calling file operation before f_vnode
is set results in NULL pointer dereference in devvn_refthread().
Initialize f_vnode before calling d_fdopen() cdevsw method, that might
set file ops too.
Reported and tested by: Chris Timmons <cwt networks cwu edu>
(RELENG_7 version)
MFC after: 3 days
Modified:
head/sys/fs/devfs/devfs_vnops.c
Modified: head/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- head/sys/fs/devfs/devfs_vnops.c Fri May 15 19:19:27 2009 (r192150)
+++ head/sys/fs/devfs/devfs_vnops.c Fri May 15 19:23:05 2009 (r192151)
@@ -942,8 +942,10 @@ devfs_open(struct vop_open_args *ap)
fpop = td->td_fpop;
td->td_fpop = fp;
- if (fp != NULL)
+ if (fp != NULL) {
fp->f_data = dev;
+ fp->f_vnode = vp;
+ }
if (dsw->d_fdopen != NULL)
error = dsw->d_fdopen(dev, ap->a_mode, td, fp);
else
More information about the svn-src-all
mailing list