summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2007-07-11 20:39:53 +0000
committerrwatson <rwatson@FreeBSD.org>2007-07-11 20:39:53 +0000
commit3287a2c53fcfb6141e98f687b8bc2a5df5fdc418 (patch)
tree72d4595c5d531da5e33d28a645ab6f54df2c401c
parent33e96346efa30f1edc600237f9c28416c1364c7b (diff)
downloadFreeBSD-src-3287a2c53fcfb6141e98f687b8bc2a5df5fdc418.zip
FreeBSD-src-3287a2c53fcfb6141e98f687b8bc2a5df5fdc418.tar.gz
Avoid crash when opening Coda device: when allocating coda_mntinfo, we
need to initialize dev so that we can actually find the allocated coda_mntinfo structure later on. Submitted by: Jan Harkes <jaharkes@cs.cmu.edu> Approved by: re (kensmith)
-rw-r--r--sys/coda/coda_fbsd.c5
-rw-r--r--sys/coda/coda_psdev.c12
-rw-r--r--sys/fs/coda/coda_fbsd.c5
-rw-r--r--sys/fs/coda/coda_psdev.c12
4 files changed, 20 insertions, 14 deletions
diff --git a/sys/coda/coda_fbsd.c b/sys/coda/coda_fbsd.c
index dd379d7..fe3dcb8 100644
--- a/sys/coda/coda_fbsd.c
+++ b/sys/coda/coda_fbsd.c
@@ -124,6 +124,7 @@ static void coda_fbsd_clone(arg, cred, name, namelen, dev)
dev_ref(*dev);
mnt = malloc(sizeof(struct coda_mntinfo), M_CODA, M_WAITOK|M_ZERO);
LIST_INSERT_HEAD(&coda_mnttbl, mnt, mi_list);
+ mnt->dev = *dev;
}
struct coda_mntinfo *
@@ -133,8 +134,8 @@ dev2coda_mntinfo(struct cdev *dev)
LIST_FOREACH(mnt, &coda_mnttbl, mi_list) {
if (mnt->dev == dev)
- break;
+ return mnt;
}
- return mnt;
+ return NULL;
}
diff --git a/sys/coda/coda_psdev.c b/sys/coda/coda_psdev.c
index 56cdbc7..b9a45a9 100644
--- a/sys/coda/coda_psdev.c
+++ b/sys/coda/coda_psdev.c
@@ -129,6 +129,8 @@ vc_nb_open(dev, flag, mode, td)
coda_nc_init();
mnt = dev2coda_mntinfo(dev);
+ KASSERT(mnt, ("Coda: tried to open uninitialized cfs device"));
+
vcp = &mnt->mi_vcomm;
if (VC_OPEN(vcp))
return(EBUSY);
@@ -154,15 +156,15 @@ vc_nb_close (dev, flag, mode, td)
register struct vcomm *vcp;
register struct vmsg *vmp, *nvmp = NULL;
struct coda_mntinfo *mi;
- int err;
+ int err;
ENTRY;
mi = dev2coda_mntinfo(dev);
- vcp = &(mi->mi_vcomm);
-
- if (!VC_OPEN(vcp))
- panic("vcclose: not open");
+ KASSERT(mi, ("Coda: closing unknown cfs device"));
+
+ vcp = &mi->mi_vcomm;
+ KASSERT(VC_OPEN(vcp), ("Coda: closing unopened cfs device"));
/* prevent future operations on this vfs from succeeding by auto-
* unmounting any vfs mounted via this device. This frees user or
diff --git a/sys/fs/coda/coda_fbsd.c b/sys/fs/coda/coda_fbsd.c
index dd379d7..fe3dcb8 100644
--- a/sys/fs/coda/coda_fbsd.c
+++ b/sys/fs/coda/coda_fbsd.c
@@ -124,6 +124,7 @@ static void coda_fbsd_clone(arg, cred, name, namelen, dev)
dev_ref(*dev);
mnt = malloc(sizeof(struct coda_mntinfo), M_CODA, M_WAITOK|M_ZERO);
LIST_INSERT_HEAD(&coda_mnttbl, mnt, mi_list);
+ mnt->dev = *dev;
}
struct coda_mntinfo *
@@ -133,8 +134,8 @@ dev2coda_mntinfo(struct cdev *dev)
LIST_FOREACH(mnt, &coda_mnttbl, mi_list) {
if (mnt->dev == dev)
- break;
+ return mnt;
}
- return mnt;
+ return NULL;
}
diff --git a/sys/fs/coda/coda_psdev.c b/sys/fs/coda/coda_psdev.c
index 56cdbc7..b9a45a9 100644
--- a/sys/fs/coda/coda_psdev.c
+++ b/sys/fs/coda/coda_psdev.c
@@ -129,6 +129,8 @@ vc_nb_open(dev, flag, mode, td)
coda_nc_init();
mnt = dev2coda_mntinfo(dev);
+ KASSERT(mnt, ("Coda: tried to open uninitialized cfs device"));
+
vcp = &mnt->mi_vcomm;
if (VC_OPEN(vcp))
return(EBUSY);
@@ -154,15 +156,15 @@ vc_nb_close (dev, flag, mode, td)
register struct vcomm *vcp;
register struct vmsg *vmp, *nvmp = NULL;
struct coda_mntinfo *mi;
- int err;
+ int err;
ENTRY;
mi = dev2coda_mntinfo(dev);
- vcp = &(mi->mi_vcomm);
-
- if (!VC_OPEN(vcp))
- panic("vcclose: not open");
+ KASSERT(mi, ("Coda: closing unknown cfs device"));
+
+ vcp = &mi->mi_vcomm;
+ KASSERT(VC_OPEN(vcp), ("Coda: closing unopened cfs device"));
/* prevent future operations on this vfs from succeeding by auto-
* unmounting any vfs mounted via this device. This frees user or
OpenPOWER on IntegriCloud