From ad5e83dd3c30aa3400dbe6b2bcfb72036bdc8b38 Mon Sep 17 00:00:00 2001
From: Mariusz Zaborski
Date: Fri, 23 Sep 2016 08:13:46 +0000
Subject: [PATCH] fd: fix up fget_cap

If the kernel is not compiled with the CAPABILITIES kernel options fget_unlocked doesn't return the sequence number so fd_modify will always report modification, in that case we got infinity loop.

Reported by: br
Reviewed by: mjg
Tested by: br, def
---
 sys/kern/kern_descrip.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 5c6ac893441..55d5e441f48 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -2480,12 +2480,16 @@ int
 fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
 struct file **fpp, struct filecaps *havecapsp)
 {
- struct filedesc *fdp;
- struct file *fp;
+ struct filedesc *fdp = td->td_proc->p_fd;
 int error;
+#ifndef CAPABILITIES
+ error = fget_unlocked(fdp, fd, needrightsp, fpp, NULL);
+ if (error == 0 && havecapsp != NULL)
+ filecaps_fill(havecapsp);
+#else
+ struct file *fp;
 seq_t seq;

- fdp = td->td_proc->p_fd;
 for (;;) {
 error = fget_unlocked(fdp, fd, needrightsp, &fp, &seq);
 if (error != 0)
@@ -2513,7 +2517,7 @@ fget_cap(struct thread *td, int fd, cap_rights_t *needrightsp,
 if (error == 0)
 fhold(*fpp);
 FILEDESC_SUNLOCK(fdp);
-
+#endif
 return (error);
 }
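Review bot: The new `#ifndef CAPABILITIES` branch in fget_cap() carries no comment saying why it skips the retry loop or why it answers with `filecaps_fill(havecapsp)`. That matters to callers, because in this configuration they are presumably handed a fully populated rights set rather than anything read from the descriptor table. I would add above the branch: `/* No CAPABILITIES: fget_unlocked() yields no sequence number, so do a single lookup and report unrestricted caps. */`. It would also help to state whether `needrightsp` is checked at all on this path, since it is still passed to fget_unlocked() and the hunk does not show what happens to it. The loop body between the two hunks lies outside the visible lines, so the `#else` path is not reviewed here.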