diff options
| author | kib <kib@FreeBSD.org> | 2009-05-15 19:23:05 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2009-05-15 19:23:05 +0000 |
| commit | cd869a4a4264d97fea3fa87557bf8d06e7c86e31 (patch) | |
| tree | 857a77315e158a8d426b5c69a7b01eec3f963232 /sys/fs | |
| parent | 9c36d077f5eace55ffae74855463708b1ab049c5 (diff) | |
| download | FreeBSD-src-cd869a4a4264d97fea3fa87557bf8d06e7c86e31.zip FreeBSD-src-cd869a4a4264d97fea3fa87557bf8d06e7c86e31.tar.gz | |
Devfs replaces file ops vector with devfs-specific one in devfs_open(),
before the struct file is fully initialized in vn_open(), in particular,
fp->f_vnode is NULL. Other thread calling file operation before f_vnode
is set results in NULL pointer dereference in devvn_refthread().
Initialize f_vnode before calling d_fdopen() cdevsw method, that might
set file ops too.
Reported and tested by: Chris Timmons <cwt networks cwu edu>
(RELENG_7 version)
MFC after: 3 days
Diffstat (limited to 'sys/fs')
| -rw-r--r-- | sys/fs/devfs/devfs_vnops.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c index ece9559..c637ea8 100644 --- a/sys/fs/devfs/devfs_vnops.c +++ b/sys/fs/devfs/devfs_vnops.c @@ -942,8 +942,10 @@ devfs_open(struct vop_open_args *ap) fpop = td->td_fpop; td->td_fpop = fp; - if (fp != NULL) + if (fp != NULL) { fp->f_data = dev; + fp->f_vnode = vp; + } if (dsw->d_fdopen != NULL) error = dsw->d_fdopen(dev, ap->a_mode, td, fp); else |
