Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

diff --git a/sys/miscfs/fuse/fuse_vfsops.c b/sys/miscfs/fuse/fuse_vfsops.c
index e4affbf..7867ff6 100644 (file)
--- a/sys/miscfs/fuse/fuse_vfsops.c
+++ b/sys/miscfs/fuse/fuse_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fuse_vfsops.c,v 1.30 2017/12/11 05:27:40 deraadt Exp $ */
+/* $OpenBSD: fuse_vfsops.c,v 1.31 2018/01/04 10:51:11 mpi Exp $ */
 /*
  * Copyright (c) 2012-2013 Sylvestre Gallon <ccna.syl@gmail.com>
  *
@@ -77,19 +77,25 @@ fusefs_mount(struct mount *mp, const char *path, void *data,
        struct fusefs_args *args = data;
        struct vnode *vp;
        struct file *fp;
+       int error = 0;
 
        if (mp->mnt_flag & MNT_UPDATE)
                return (EOPNOTSUPP);
 
        if ((fp = fd_getfile(p->p_fd, args->fd)) == NULL)
                return (EBADF);
+       FREF(fp);
 
-       if (fp->f_type != DTYPE_VNODE)
-               return (EINVAL);
+       if (fp->f_type != DTYPE_VNODE) {
+               error = EINVAL;
+               goto bad;
+       }
 
        vp = fp->f_data;
-       if (vp->v_type != VCHR)
-               return (EBADF);
+       if (vp->v_type != VCHR) {
+               error = EBADF;
+               goto bad;
+       }
 
        fmp = malloc(sizeof(*fmp), M_FUSEFS, M_WAITOK | M_ZERO);
        fmp->mp = mp;
@@ -117,7 +123,9 @@ fusefs_mount(struct mount *mp, const char *path, void *data,
        /* cannot tsleep on mount */
        fuse_device_queue_fbuf(fmp->dev, fbuf);
 
-       return (0);
+bad:
+       FRELE(fp, p);
+       return (error);
 }
 
 int