diff options
| author | David Greenman <dg@FreeBSD.org> | 1996-06-12 03:37:57 +0000 |
|---|---|---|
| committer | David Greenman <dg@FreeBSD.org> | 1996-06-12 03:37:57 +0000 |
| commit | 2f9bae59d66ce0d8d74807af1036164af819f415 (patch) | |
| tree | 0244ce546b0fc6e415af50b64cc8c473ae6be049 /sys/nfs/nfs_node.c | |
| parent | 74ae43213c20d95600f6d890cd539b3bcda44b1d (diff) | |
| download | src-2f9bae59d66ce0d8d74807af1036164af819f415.tar.gz src-2f9bae59d66ce0d8d74807af1036164af819f415.zip | |
Moved the fsnode MALLOC to before the call to getnewvnode() so that the
process won't possibly block before filling in the fsnode pointer (v_data)
which might be dereferenced during a sync since the vnode is put on the
mnt_vnodelist by getnewvnode.
Pointed out by Matt Day <mday@artisoft.com>
Notes
Notes:
svn path=/head/; revision=16312
Diffstat (limited to 'sys/nfs/nfs_node.c')
| -rw-r--r-- | sys/nfs/nfs_node.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/nfs/nfs_node.c b/sys/nfs/nfs_node.c index f7cd396fc62c..be3155ca6477 100644 --- a/sys/nfs/nfs_node.c +++ b/sys/nfs/nfs_node.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)nfs_node.c 8.2 (Berkeley) 12/30/93 - * $Id: nfs_node.c,v 1.11 1995/07/22 03:32:18 davidg Exp $ + * $Id: nfs_node.c,v 1.12 1995/10/29 15:32:50 phk Exp $ */ #include <sys/param.h> @@ -138,6 +138,13 @@ loop: goto loop; } nfs_node_hash_lock = 1; + + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); error = getnewvnode(VT_NFS, mntp, nfsv2_vnodeop_p, &nvp); if (error) { @@ -145,10 +152,10 @@ loop: wakeup(&nfs_node_hash_lock); nfs_node_hash_lock = 0; *npp = 0; + FREE(np, M_NFSNODE); return (error); } vp = nvp; - MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); bzero((caddr_t)np, sizeof *np); vp->v_data = np; np->n_vnode = vp; |