diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2011-11-03 18:55:18 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2011-11-03 18:55:18 +0000 |
| commit | 1fef78c3f02e285cac38e9b81161793a71c15bd3 (patch) | |
| tree | 3169bc7e19ab37bc304240ab8390ce40f754a985 /sys/fs | |
| parent | 3ca1a2d6a0fb7e7fea68317cc2acf935ee41542a (diff) | |
| download | src-1fef78c3f02e285cac38e9b81161793a71c15bd3.tar.gz src-1fef78c3f02e285cac38e9b81161793a71c15bd3.zip | |
Fix kernel panic when d_fdopen csw method is called for NULL fp.
This may happen when kernel consumer calls VOP_OPEN().
Reported by: Tavis Ormandy <taviso cmpxchg8b com> through delphij
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=227062
Diffstat (limited to 'sys/fs')
| -rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index 68ab7ce9d94b..41bc0b80c9ce 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -1050,6 +1050,10 @@ devfs_open(struct vop_open_args *ap) dsw = dev_refthread(dev, &ref); if (dsw == NULL) return (ENXIO); + if (fp == NULL && dsw->d_fdopen != NULL) { + dev_relthread(dev, ref); + return (ENXIO); + } vlocked = VOP_ISLOCKED(vp); VOP_UNLOCK(vp, 0); |