d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix kernel panic when d_fdopen csw method is called for NULL fp.

Browse Source 
This may happen when kernel consumer calls VOP_OPEN().

Reported by:	Tavis Ormandy <taviso  cmpxchg8b com> through delphij
MFC after:	3 days
This commit is contained in:
Konstantin Belousov 2011-11-03 18:55:18 +00:00
parent 3ca1a2d6a0
commit 1fef78c3f0
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/fs/devfs/devfs_vnops.c
View File

@ -1050,6 +1050,10 @@ devfs_open(struct vop_open_args *ap)
dsw = dev_refthread(dev, &ref);
if (dsw == NULL)
return (ENXIO);
if (fp == NULL && dsw->d_fdopen != NULL) {
dev_relthread(dev, ref);
return (ENXIO);
}
vlocked = VOP_ISLOCKED(vp);
VOP_UNLOCK(vp, 0);