From 6634e42976a701b01eb967c1b46dc3f27ac64ef0 Mon Sep 17 00:00:00 2001
From: pjd <pjd@FreeBSD.org>
Date: Thu, 14 Jun 2012 12:41:21 +0000
Subject: When we are closing capabilities during exec, we want to call
 mq_fdclose() on the underlying object and not on the capability itself.

Similar bug was fixed in r236853.

MFC after:	1 month
---
 sys/kern/kern_descrip.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'sys/kern')

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 5a9f9e1..09343fa 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -2025,7 +2025,7 @@ void
 fdcloseexec(struct thread *td)
 {
 	struct filedesc *fdp;
-	struct file *fp;
+	struct file *fp, *fp_object;
 	int i;
 
 	/* Certain daemons might not have file descriptors. */
@@ -2050,8 +2050,14 @@ fdcloseexec(struct thread *td)
 			fdp->fd_ofileflags[i] = 0;
 			fdunused(fdp, i);
 			knote_fdclose(td, i);
-			if (fp->f_type == DTYPE_MQUEUE)
-				mq_fdclose(td, i, fp);
+			/*
+			 * When we're closing an fd with a capability, we need
+			 * to notify mqueue if the underlying object is of type
+			 * mqueue.
+			 */
+			(void)cap_funwrap(fp, 0, &fp_object);
+			if (fp_object->f_type == DTYPE_MQUEUE)
+				mq_fdclose(td, i, fp_object);
 			FILEDESC_XUNLOCK(fdp);
 			(void) closef(fp, td);
 			FILEDESC_XLOCK(fdp);
-- 
cgit v1.1