From 53146562fd3425516085347696e75484469eed77 Mon Sep 17 00:00:00 2001
From: mpi <mpi@openbsd.org>
Date: Thu, 4 Jan 2018 10:51:11 +0000
Subject: [PATCH] Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@
---
 sys/miscfs/fuse/fuse_vfsops.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/sys/miscfs/fuse/fuse_vfsops.c b/sys/miscfs/fuse/fuse_vfsops.c
index e4affbf5888..7867ff60579 100644
--- a/sys/miscfs/fuse/fuse_vfsops.c
+++ b/sys/miscfs/fuse/fuse_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fuse_vfsops.c,v 1.30 2017/12/11 05:27:40 deraadt Exp $ */
+/* $OpenBSD: fuse_vfsops.c,v 1.31 2018/01/04 10:51:11 mpi Exp $ */
 /*
  * Copyright (c) 2012-2013 Sylvestre Gallon <ccna.syl@gmail.com>
  *
@@ -77,19 +77,25 @@ fusefs_mount(struct mount *mp, const char *path, void *data,
 	struct fusefs_args *args = data;
 	struct vnode *vp;
 	struct file *fp;
+	int error = 0;
 
 	if (mp->mnt_flag & MNT_UPDATE)
 		return (EOPNOTSUPP);
 
 	if ((fp = fd_getfile(p->p_fd, args->fd)) == NULL)
 		return (EBADF);
+	FREF(fp);
 
-	if (fp->f_type != DTYPE_VNODE)
-		return (EINVAL);
+	if (fp->f_type != DTYPE_VNODE) {
+		error = EINVAL;
+		goto bad;
+	}
 
 	vp = fp->f_data;
-	if (vp->v_type != VCHR)
-		return (EBADF);
+	if (vp->v_type != VCHR) {
+		error = EBADF;
+		goto bad;
+	}
 
 	fmp = malloc(sizeof(*fmp), M_FUSEFS, M_WAITOK | M_ZERO);
 	fmp->mp = mp;
@@ -117,7 +123,9 @@ fusefs_mount(struct mount *mp, const char *path, void *data,
 	/* cannot tsleep on mount */
 	fuse_device_queue_fbuf(fmp->dev, fbuf);
 
-	return (0);
+bad:
+	FRELE(fp, p);
+	return (error);
 }
 
 int
-- 
2.20.1