From 19f5fdb5977c450b833eab7e7103e24002f138ad Mon Sep 17 00:00:00 2001
From: Alan Cox <alan@etchedpixels.co.uk>
Date: Sat, 22 Nov 2014 00:48:18 +0000
Subject: [PATCH] _open: fix static corruptor

We can block in a tty open, which if another open then occurs leaves
the staticfast "ino" corrupted. Save it in a temporary variable so that
for we still get almost all the benefit of staticfast here.
---
 Kernel/syscall_fs2.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Kernel/syscall_fs2.c b/Kernel/syscall_fs2.c
index 24754461..3342d5f9 100644
--- a/Kernel/syscall_fs2.c
+++ b/Kernel/syscall_fs2.c
@@ -409,6 +409,7 @@ int16_t _open(void)
 	int8_t uindex;
 	int8_t oftindex;
 	staticfast inoptr ino;
+	inoptr itmp;
 	int16_t perm;
 	staticfast inoptr parent;
 	char fname[FILENAME_LEN + 1];
@@ -471,11 +472,16 @@ int16_t _open(void)
 		udata.u_error = EISDIR;
 		goto cantopen;
 	}
+	itmp = ino;
+	/* d_open may block and thus ino may become invalid as may
+	   parent (but we don't need it again) */
 	if (isdevice(ino)
 	    && d_open((int) ino->c_node.i_addr[0], flag) != 0) {
 		udata.u_error = ENXIO;
 		goto cantopen;
 	}
+	/* get the static pointer back */
+	ino = itmp;
 	if (trunc && getmode(ino) == F_REG) {
 		f_trunc(ino);
 		for (j = 0; j < OFTSIZE; ++j)
@@ -499,6 +505,8 @@ int16_t _open(void)
 	    && !(flag & O_NDELAY))
 		psleep(ino);
 
+        /* From the moment of the psleep ino is invalid */
+
 	return (uindex);
       idrop:
 	i_deref(ino);
-- 
2.34.1