Avoid crash when opening Coda device: when allocating coda_mntinfo, we

need to initialize dev so that we can actually find the allocated
coda_mntinfo structure later on.

Submitted by:	Jan Harkes <jaharkes@cs.cmu.edu>
Approved by:	re (kensmith)

4 files changed, 20 insertions, 14 deletions

diff --git a/sys/coda/coda_fbsd.c b/sys/coda/coda_fbsd.c
index dd379d7..fe3dcb8 100644
--- a/sys/coda/coda_fbsd.c
+++ b/sys/coda/coda_fbsd.c
@@ -124,6 +124,7 @@ static void coda_fbsd_clone(arg, cred, name, namelen, dev)
     dev_ref(*dev);
     mnt = malloc(sizeof(struct coda_mntinfo), M_CODA, M_WAITOK|M_ZERO);
     LIST_INSERT_HEAD(&coda_mnttbl, mnt, mi_list);
+    mnt->dev = *dev;
 }
 
 struct coda_mntinfo *
@@ -133,8 +134,8 @@ dev2coda_mntinfo(struct cdev *dev)
 
 	LIST_FOREACH(mnt, &coda_mnttbl, mi_list) {
 		if (mnt->dev == dev)
-			break;
+			return mnt;
 	}
 
-	return mnt;
+	return NULL;
 }
diff --git a/sys/coda/coda_psdev.c b/sys/coda/coda_psdev.c
index 56cdbc7..b9a45a9 100644
--- a/sys/coda/coda_psdev.c
+++ b/sys/coda/coda_psdev.c
@@ -129,6 +129,8 @@ vc_nb_open(dev, flag, mode, td)
 	coda_nc_init();
     
     mnt = dev2coda_mntinfo(dev);
+    KASSERT(mnt, ("Coda: tried to open uninitialized cfs device"));
+
     vcp = &mnt->mi_vcomm;
     if (VC_OPEN(vcp))
 	return(EBUSY);
@@ -154,15 +156,15 @@ vc_nb_close (dev, flag, mode, td)
     register struct vcomm *vcp;
     register struct vmsg *vmp, *nvmp = NULL;
     struct coda_mntinfo *mi;
-    int                 err;
+    int err;
 	
     ENTRY;
 
     mi = dev2coda_mntinfo(dev);
-    vcp = &(mi->mi_vcomm);
-    
-    if (!VC_OPEN(vcp))
-	panic("vcclose: not open");
+    KASSERT(mi, ("Coda: closing unknown cfs device"));
+
+    vcp = &mi->mi_vcomm;
+    KASSERT(VC_OPEN(vcp), ("Coda: closing unopened cfs device"));
     
     /* prevent future operations on this vfs from succeeding by auto-
      * unmounting any vfs mounted via this device. This frees user or
diff --git a/sys/fs/coda/coda_fbsd.c b/sys/fs/coda/coda_fbsd.c
index dd379d7..fe3dcb8 100644
--- a/sys/fs/coda/coda_fbsd.c
+++ b/sys/fs/coda/coda_fbsd.c
@@ -124,6 +124,7 @@ static void coda_fbsd_clone(arg, cred, name, namelen, dev)
     dev_ref(*dev);
     mnt = malloc(sizeof(struct coda_mntinfo), M_CODA, M_WAITOK|M_ZERO);
     LIST_INSERT_HEAD(&coda_mnttbl, mnt, mi_list);
+    mnt->dev = *dev;
 }
 
 struct coda_mntinfo *
@@ -133,8 +134,8 @@ dev2coda_mntinfo(struct cdev *dev)
 
 	LIST_FOREACH(mnt, &coda_mnttbl, mi_list) {
 		if (mnt->dev == dev)
-			break;
+			return mnt;
 	}
 
-	return mnt;
+	return NULL;
 }
diff --git a/sys/fs/coda/coda_psdev.c b/sys/fs/coda/coda_psdev.c
index 56cdbc7..b9a45a9 100644
--- a/sys/fs/coda/coda_psdev.c
+++ b/sys/fs/coda/coda_psdev.c
@@ -129,6 +129,8 @@ vc_nb_open(dev, flag, mode, td)
 	coda_nc_init();
     
     mnt = dev2coda_mntinfo(dev);
+    KASSERT(mnt, ("Coda: tried to open uninitialized cfs device"));
+
     vcp = &mnt->mi_vcomm;
     if (VC_OPEN(vcp))
 	return(EBUSY);
@@ -154,15 +156,15 @@ vc_nb_close (dev, flag, mode, td)
     register struct vcomm *vcp;
     register struct vmsg *vmp, *nvmp = NULL;
     struct coda_mntinfo *mi;
-    int                 err;
+    int err;
 	
     ENTRY;
 
     mi = dev2coda_mntinfo(dev);
-    vcp = &(mi->mi_vcomm);
-    
-    if (!VC_OPEN(vcp))
-	panic("vcclose: not open");
+    KASSERT(mi, ("Coda: closing unknown cfs device"));
+
+    vcp = &mi->mi_vcomm;
+    KASSERT(VC_OPEN(vcp), ("Coda: closing unopened cfs device"));
     
     /* prevent future operations on this vfs from succeeding by auto-
      * unmounting any vfs mounted via this device. This frees user or