From f55cf4b0d1db35feaca9649cdcfff059360be3d0 Mon Sep 17 00:00:00 2001
From: Mateusz Guzik <mjg@FreeBSD.org>
Date: Thu, 30 Oct 2014 07:21:38 +0000
Subject: [PATCH] filedesc: make sure to force table reload in fget_unlocked
 when count == 0

This is a fixup to r273843.
---
 sys/kern/kern_descrip.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 293522374b6e..dfa424293bcf 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -2362,7 +2362,12 @@ fget_unlocked(struct filedesc *fdp, int fd, cap_rights_t *needrightsp,
 	retry:
 		count = fp->f_count;
 		if (count == 0) {
-			fdt = fdp->fd_files;
+			/*
+			 * Force a reload. Other thread could reallocate the
+			 * table before this fd was closed, so it possible that
+			 * there is a stale fp pointer in cached version.
+			 */
+			fdt = *(struct fdescenttbl * volatile *)&(fdp->fd_files);
 			continue;
 		}
 		/*