diff options
| -rw-r--r-- | sys/fs/fdescfs/fdesc_vnops.c | 14 | ||||
| -rw-r--r-- | sys/fs/msdosfs/msdosfs_denode.c | 12 | ||||
| -rw-r--r-- | sys/fs/nullfs/null_subr.c | 14 | ||||
| -rw-r--r-- | sys/fs/portalfs/portal_vfsops.c | 19 | ||||
| -rw-r--r-- | sys/fs/portalfs/portal_vnops.c | 18 | ||||
| -rw-r--r-- | sys/fs/procfs/procfs_subr.c | 18 | ||||
| -rw-r--r-- | sys/fs/umapfs/umap_subr.c | 18 | ||||
| -rw-r--r-- | sys/miscfs/fdesc/fdesc_vnops.c | 14 | ||||
| -rw-r--r-- | sys/miscfs/kernfs/kernfs_vfsops.c | 11 | ||||
| -rw-r--r-- | sys/miscfs/nullfs/null_subr.c | 14 | ||||
| -rw-r--r-- | sys/miscfs/portal/portal_vfsops.c | 19 | ||||
| -rw-r--r-- | sys/miscfs/portal/portal_vnops.c | 18 | ||||
| -rw-r--r-- | sys/miscfs/procfs/procfs_subr.c | 18 | ||||
| -rw-r--r-- | sys/miscfs/umapfs/umap_subr.c | 18 | ||||
| -rw-r--r-- | sys/msdosfs/msdosfs_denode.c | 12 | ||||
| -rw-r--r-- | sys/nfs/nfs_node.c | 11 | ||||
| -rw-r--r-- | sys/nfsclient/nfs_node.c | 11 | ||||
| -rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 15 | ||||
| -rw-r--r-- | sys/ufs/lfs/lfs_alloc.c | 11 | ||||
| -rw-r--r-- | sys/ufs/mfs/mfs_vfsops.c | 18 |
20 files changed, 223 insertions, 80 deletions
diff --git a/sys/fs/fdescfs/fdesc_vnops.c b/sys/fs/fdescfs/fdesc_vnops.c index bec6bc700af3..c563298346ef 100644 --- a/sys/fs/fdescfs/fdesc_vnops.c +++ b/sys/fs/fdescfs/fdesc_vnops.c @@ -35,7 +35,7 @@ * * @(#)fdesc_vnops.c 8.9 (Berkeley) 1/21/94 * - * $Id: fdesc_vnops.c,v 1.14 1995/12/05 19:12:05 bde Exp $ + * $Id: fdesc_vnops.c,v 1.15 1995/12/08 11:17:40 julian Exp $ */ /* @@ -170,10 +170,18 @@ loop: } fdcache_lock |= FDL_LOCKED; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(fd, struct fdescnode *, sizeof(struct fdescnode), M_TEMP, M_WAITOK); + error = getnewvnode(VT_FDESC, mp, fdesc_vnodeop_p, vpp); - if (error) + if (error) { + FREE(fd, M_TEMP); goto out; - MALLOC(fd, void *, sizeof(struct fdescnode), M_TEMP, M_WAITOK); + } (*vpp)->v_data = fd; fd->fd_vnode = *vpp; fd->fd_type = ftype; diff --git a/sys/fs/msdosfs/msdosfs_denode.c b/sys/fs/msdosfs/msdosfs_denode.c index 2f86783c9a3e..bec376ca54c6 100644 --- a/sys/fs/msdosfs/msdosfs_denode.c +++ b/sys/fs/msdosfs/msdosfs_denode.c @@ -1,4 +1,4 @@ -/* $Id: msdosfs_denode.c,v 1.15 1995/12/07 12:47:19 davidg Exp $ */ +/* $Id: msdosfs_denode.c,v 1.16 1996/01/19 03:58:42 dyson Exp $ */ /* $NetBSD: msdosfs_denode.c,v 1.9 1994/08/21 18:44:00 ws Exp $ */ /*- @@ -225,6 +225,12 @@ deget(pmp, dirclust, diroffset, direntptr, depp) return 0; } + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(ldep, struct denode *, sizeof(struct denode), M_MSDOSFSNODE, M_WAITOK); /* * Directory entry was not in cache, have to create a vnode and @@ -233,10 +239,10 @@ deget(pmp, dirclust, diroffset, direntptr, depp) /* getnewvnode() does a VREF() on the vnode */ error = getnewvnode(VT_MSDOSFS, mntp, msdosfs_vnodeop_p, &nvp); if (error) { - *depp = 0; + *depp = NULL; + FREE(ldep, M_MSDOSFSNODE); return error; } - MALLOC(ldep, struct denode *, sizeof(struct denode), M_MSDOSFSNODE, M_WAITOK); bzero((caddr_t)ldep, sizeof *ldep); nvp->v_data = ldep; ldep->de_vnode = nvp; diff --git a/sys/fs/nullfs/null_subr.c b/sys/fs/nullfs/null_subr.c index e5fa5900ccf9..4123dc2e7d5f 100644 --- a/sys/fs/nullfs/null_subr.c +++ b/sys/fs/nullfs/null_subr.c @@ -35,7 +35,7 @@ * * @(#)null_subr.c 8.4 (Berkeley) 1/21/94 * - * $Id: null_subr.c,v 1.4 1995/12/03 14:38:49 bde Exp $ + * $Id: null_subr.c,v 1.5 1995/12/03 14:54:22 bde Exp $ */ #include <sys/param.h> @@ -162,12 +162,20 @@ null_node_alloc(mp, lowervp, vpp) struct vnode *othervp, *vp; int error; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(xp, struct null_node *, sizeof(struct null_node), M_TEMP, M_WAITOK); + error = getnewvnode(VT_NULL, mp, null_vnodeop_p, vpp); - if (error) + if (error) { + FREE(xp, M_TEMP); return (error); + } vp = *vpp; - MALLOC(xp, struct null_node *, sizeof(struct null_node), M_TEMP, M_WAITOK); vp->v_type = lowervp->v_type; xp->null_vnode = vp; vp->v_data = xp; diff --git a/sys/fs/portalfs/portal_vfsops.c b/sys/fs/portalfs/portal_vfsops.c index 6a5b1ba04ca0..500b9ef4089c 100644 --- a/sys/fs/portalfs/portal_vfsops.c +++ b/sys/fs/portalfs/portal_vfsops.c @@ -35,7 +35,7 @@ * * @(#)portal_vfsops.c 8.6 (Berkeley) 1/21/94 * - * $Id: portal_vfsops.c,v 1.9 1995/11/16 11:24:06 bde Exp $ + * $Id: portal_vfsops.c,v 1.10 1995/12/11 09:24:43 phk Exp $ */ /* @@ -105,6 +105,7 @@ portal_mount(mp, path, data, ndp, p) struct portalmount *fmp; struct socket *so; struct vnode *rvp; + struct portalnode *pn; u_int size; int error; @@ -125,14 +126,20 @@ portal_mount(mp, path, data, ndp, p) if (so->so_proto->pr_domain->dom_family != AF_UNIX) return (ESOCKTNOSUPPORT); + MALLOC(pn, struct portalnode *, sizeof(struct portalnode), + M_TEMP, M_WAITOK); + + MALLOC(fmp, struct portalmount *, sizeof(struct portalmount), + M_UFSMNT, M_WAITOK); /* XXX */ + error = getnewvnode(VT_PORTAL, mp, portal_vnodeop_p, &rvp); /* XXX */ - if (error) + if (error) { + FREE(fmp, M_UFSMNT); + FREE(pn, M_TEMP); return (error); - MALLOC(rvp->v_data, void *, sizeof(struct portalnode), - M_TEMP, M_WAITOK); + } - fmp = (struct portalmount *) malloc(sizeof(struct portalmount), - M_UFSMNT, M_WAITOK); /* XXX */ + rvp->v_data = pn; rvp->v_type = VDIR; rvp->v_flag |= VROOT; VTOPORTAL(rvp)->pt_arg = 0; diff --git a/sys/fs/portalfs/portal_vnops.c b/sys/fs/portalfs/portal_vnops.c index 27780bf42b2c..fcd595828733 100644 --- a/sys/fs/portalfs/portal_vnops.c +++ b/sys/fs/portalfs/portal_vnops.c @@ -35,7 +35,7 @@ * * @(#)portal_vnops.c 8.8 (Berkeley) 1/21/94 * - * $Id: portal_vnops.c,v 1.10 1995/12/11 09:24:45 phk Exp $ + * $Id: portal_vnops.c,v 1.11 1996/02/13 18:16:25 wollman Exp $ */ /* @@ -126,15 +126,21 @@ portal_lookup(ap) return (0); } + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(pt, struct portalnode *, sizeof(struct portalnode), + M_TEMP, M_WAITOK); error = getnewvnode(VT_PORTAL, ap->a_dvp->v_mount, portal_vnodeop_p, &fvp); - if (error) + if (error) { + FREE(pt, M_TEMP); goto bad; + } fvp->v_type = VREG; - MALLOC(fvp->v_data, void *, sizeof(struct portalnode), - M_TEMP, M_WAITOK); - - pt = VTOPORTAL(fvp); + fvp->v_data = pt; /* * Save all of the remaining pathname and * advance the namei next pointer to the end diff --git a/sys/fs/procfs/procfs_subr.c b/sys/fs/procfs/procfs_subr.c index 6c464c1bdb77..7a0eafe50afb 100644 --- a/sys/fs/procfs/procfs_subr.c +++ b/sys/fs/procfs/procfs_subr.c @@ -36,7 +36,7 @@ * * @(#)procfs_subr.c 8.4 (Berkeley) 1/27/94 * - * $Id: procfs_subr.c,v 1.4 1995/04/15 02:30:12 davidg Exp $ + * $Id: procfs_subr.c,v 1.5 1995/05/30 08:07:11 rgrimes Exp $ */ #include <sys/param.h> @@ -111,14 +111,20 @@ loop: } pfsvplock |= PROCFS_LOCKED; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(pfs, struct pfsnode *, sizeof(struct pfsnode), M_TEMP, M_WAITOK); + error = getnewvnode(VT_PROCFS, mp, procfs_vnodeop_p, vpp); - if (error) + if (error) { + FREE(pfs, M_TEMP); goto out; + } - MALLOC((*vpp)->v_data, void *, sizeof(struct pfsnode), - M_TEMP, M_WAITOK); - - pfs = VTOPFS(*vpp); + (*vpp)->v_data = pfs; pfs->pfs_next = 0; pfs->pfs_pid = (pid_t) pid; pfs->pfs_type = pfs_type; diff --git a/sys/fs/umapfs/umap_subr.c b/sys/fs/umapfs/umap_subr.c index 0267584507df..fe1ec56db19c 100644 --- a/sys/fs/umapfs/umap_subr.c +++ b/sys/fs/umapfs/umap_subr.c @@ -35,7 +35,7 @@ * * @(#)umap_subr.c 8.6 (Berkeley) 1/26/94 * - * $Id: umap_subr.c,v 1.5 1995/12/03 14:38:57 bde Exp $ + * $Id: umap_subr.c,v 1.6 1995/12/03 14:54:39 bde Exp $ */ #include <sys/param.h> @@ -222,13 +222,23 @@ umap_node_alloc(mp, lowervp, vpp) struct vnode *othervp, *vp; int error; + /* XXX This routine probably needs a node_alloc lock */ + + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(xp, struct umap_node *, sizeof(struct umap_node), + M_TEMP, M_WAITOK); + error = getnewvnode(VT_UMAP, mp, umap_vnodeop_p, vpp); - if (error) + if (error) { + FREE(xp, M_TEMP); return (error); + } vp = *vpp; - MALLOC(xp, struct umap_node *, sizeof(struct umap_node), - M_TEMP, M_WAITOK); vp->v_type = lowervp->v_type; xp->umap_vnode = vp; vp->v_data = xp; diff --git a/sys/miscfs/fdesc/fdesc_vnops.c b/sys/miscfs/fdesc/fdesc_vnops.c index bec6bc700af3..c563298346ef 100644 --- a/sys/miscfs/fdesc/fdesc_vnops.c +++ b/sys/miscfs/fdesc/fdesc_vnops.c @@ -35,7 +35,7 @@ * * @(#)fdesc_vnops.c 8.9 (Berkeley) 1/21/94 * - * $Id: fdesc_vnops.c,v 1.14 1995/12/05 19:12:05 bde Exp $ + * $Id: fdesc_vnops.c,v 1.15 1995/12/08 11:17:40 julian Exp $ */ /* @@ -170,10 +170,18 @@ loop: } fdcache_lock |= FDL_LOCKED; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(fd, struct fdescnode *, sizeof(struct fdescnode), M_TEMP, M_WAITOK); + error = getnewvnode(VT_FDESC, mp, fdesc_vnodeop_p, vpp); - if (error) + if (error) { + FREE(fd, M_TEMP); goto out; - MALLOC(fd, void *, sizeof(struct fdescnode), M_TEMP, M_WAITOK); + } (*vpp)->v_data = fd; fd->fd_vnode = *vpp; fd->fd_type = ftype; diff --git a/sys/miscfs/kernfs/kernfs_vfsops.c b/sys/miscfs/kernfs/kernfs_vfsops.c index c1ccf0783f4a..3a3e33c6d8a4 100644 --- a/sys/miscfs/kernfs/kernfs_vfsops.c +++ b/sys/miscfs/kernfs/kernfs_vfsops.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)kernfs_vfsops.c 8.4 (Berkeley) 1/21/94 - * $Id: kernfs_vfsops.c,v 1.12 1995/12/13 15:13:28 julian Exp $ + * $Id: kernfs_vfsops.c,v 1.13 1995/12/14 18:26:55 julian Exp $ */ /* @@ -165,12 +165,15 @@ kernfs_mount(mp, path, data, ndp, p) if (mp->mnt_flag & MNT_UPDATE) return (EOPNOTSUPP); + MALLOC(fmp, struct kernfs_mount *, sizeof(struct kernfs_mount), + M_UFSMNT, M_WAITOK); /* XXX */ + error = getnewvnode(VT_KERNFS, mp, kernfs_vnodeop_p, &rvp); /* XXX */ - if (error) + if (error) { + FREE(fmp, M_UFSMNT); return (error); + } - MALLOC(fmp, struct kernfs_mount *, sizeof(struct kernfs_mount), - M_UFSMNT, M_WAITOK); /* XXX */ rvp->v_type = VDIR; rvp->v_flag |= VROOT; #ifdef KERNFS_DIAGNOSTIC diff --git a/sys/miscfs/nullfs/null_subr.c b/sys/miscfs/nullfs/null_subr.c index e5fa5900ccf9..4123dc2e7d5f 100644 --- a/sys/miscfs/nullfs/null_subr.c +++ b/sys/miscfs/nullfs/null_subr.c @@ -35,7 +35,7 @@ * * @(#)null_subr.c 8.4 (Berkeley) 1/21/94 * - * $Id: null_subr.c,v 1.4 1995/12/03 14:38:49 bde Exp $ + * $Id: null_subr.c,v 1.5 1995/12/03 14:54:22 bde Exp $ */ #include <sys/param.h> @@ -162,12 +162,20 @@ null_node_alloc(mp, lowervp, vpp) struct vnode *othervp, *vp; int error; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(xp, struct null_node *, sizeof(struct null_node), M_TEMP, M_WAITOK); + error = getnewvnode(VT_NULL, mp, null_vnodeop_p, vpp); - if (error) + if (error) { + FREE(xp, M_TEMP); return (error); + } vp = *vpp; - MALLOC(xp, struct null_node *, sizeof(struct null_node), M_TEMP, M_WAITOK); vp->v_type = lowervp->v_type; xp->null_vnode = vp; vp->v_data = xp; diff --git a/sys/miscfs/portal/portal_vfsops.c b/sys/miscfs/portal/portal_vfsops.c index 6a5b1ba04ca0..500b9ef4089c 100644 --- a/sys/miscfs/portal/portal_vfsops.c +++ b/sys/miscfs/portal/portal_vfsops.c @@ -35,7 +35,7 @@ * * @(#)portal_vfsops.c 8.6 (Berkeley) 1/21/94 * - * $Id: portal_vfsops.c,v 1.9 1995/11/16 11:24:06 bde Exp $ + * $Id: portal_vfsops.c,v 1.10 1995/12/11 09:24:43 phk Exp $ */ /* @@ -105,6 +105,7 @@ portal_mount(mp, path, data, ndp, p) struct portalmount *fmp; struct socket *so; struct vnode *rvp; + struct portalnode *pn; u_int size; int error; @@ -125,14 +126,20 @@ portal_mount(mp, path, data, ndp, p) if (so->so_proto->pr_domain->dom_family != AF_UNIX) return (ESOCKTNOSUPPORT); + MALLOC(pn, struct portalnode *, sizeof(struct portalnode), + M_TEMP, M_WAITOK); + + MALLOC(fmp, struct portalmount *, sizeof(struct portalmount), + M_UFSMNT, M_WAITOK); /* XXX */ + error = getnewvnode(VT_PORTAL, mp, portal_vnodeop_p, &rvp); /* XXX */ - if (error) + if (error) { + FREE(fmp, M_UFSMNT); + FREE(pn, M_TEMP); return (error); - MALLOC(rvp->v_data, void *, sizeof(struct portalnode), - M_TEMP, M_WAITOK); + } - fmp = (struct portalmount *) malloc(sizeof(struct portalmount), - M_UFSMNT, M_WAITOK); /* XXX */ + rvp->v_data = pn; rvp->v_type = VDIR; rvp->v_flag |= VROOT; VTOPORTAL(rvp)->pt_arg = 0; diff --git a/sys/miscfs/portal/portal_vnops.c b/sys/miscfs/portal/portal_vnops.c index 27780bf42b2c..fcd595828733 100644 --- a/sys/miscfs/portal/portal_vnops.c +++ b/sys/miscfs/portal/portal_vnops.c @@ -35,7 +35,7 @@ * * @(#)portal_vnops.c 8.8 (Berkeley) 1/21/94 * - * $Id: portal_vnops.c,v 1.10 1995/12/11 09:24:45 phk Exp $ + * $Id: portal_vnops.c,v 1.11 1996/02/13 18:16:25 wollman Exp $ */ /* @@ -126,15 +126,21 @@ portal_lookup(ap) return (0); } + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(pt, struct portalnode *, sizeof(struct portalnode), + M_TEMP, M_WAITOK); error = getnewvnode(VT_PORTAL, ap->a_dvp->v_mount, portal_vnodeop_p, &fvp); - if (error) + if (error) { + FREE(pt, M_TEMP); goto bad; + } fvp->v_type = VREG; - MALLOC(fvp->v_data, void *, sizeof(struct portalnode), - M_TEMP, M_WAITOK); - - pt = VTOPORTAL(fvp); + fvp->v_data = pt; /* * Save all of the remaining pathname and * advance the namei next pointer to the end diff --git a/sys/miscfs/procfs/procfs_subr.c b/sys/miscfs/procfs/procfs_subr.c index 6c464c1bdb77..7a0eafe50afb 100644 --- a/sys/miscfs/procfs/procfs_subr.c +++ b/sys/miscfs/procfs/procfs_subr.c @@ -36,7 +36,7 @@ * * @(#)procfs_subr.c 8.4 (Berkeley) 1/27/94 * - * $Id: procfs_subr.c,v 1.4 1995/04/15 02:30:12 davidg Exp $ + * $Id: procfs_subr.c,v 1.5 1995/05/30 08:07:11 rgrimes Exp $ */ #include <sys/param.h> @@ -111,14 +111,20 @@ loop: } pfsvplock |= PROCFS_LOCKED; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(pfs, struct pfsnode *, sizeof(struct pfsnode), M_TEMP, M_WAITOK); + error = getnewvnode(VT_PROCFS, mp, procfs_vnodeop_p, vpp); - if (error) + if (error) { + FREE(pfs, M_TEMP); goto out; + } - MALLOC((*vpp)->v_data, void *, sizeof(struct pfsnode), - M_TEMP, M_WAITOK); - - pfs = VTOPFS(*vpp); + (*vpp)->v_data = pfs; pfs->pfs_next = 0; pfs->pfs_pid = (pid_t) pid; pfs->pfs_type = pfs_type; diff --git a/sys/miscfs/umapfs/umap_subr.c b/sys/miscfs/umapfs/umap_subr.c index 0267584507df..fe1ec56db19c 100644 --- a/sys/miscfs/umapfs/umap_subr.c +++ b/sys/miscfs/umapfs/umap_subr.c @@ -35,7 +35,7 @@ * * @(#)umap_subr.c 8.6 (Berkeley) 1/26/94 * - * $Id: umap_subr.c,v 1.5 1995/12/03 14:38:57 bde Exp $ + * $Id: umap_subr.c,v 1.6 1995/12/03 14:54:39 bde Exp $ */ #include <sys/param.h> @@ -222,13 +222,23 @@ umap_node_alloc(mp, lowervp, vpp) struct vnode *othervp, *vp; int error; + /* XXX This routine probably needs a node_alloc lock */ + + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(xp, struct umap_node *, sizeof(struct umap_node), + M_TEMP, M_WAITOK); + error = getnewvnode(VT_UMAP, mp, umap_vnodeop_p, vpp); - if (error) + if (error) { + FREE(xp, M_TEMP); return (error); + } vp = *vpp; - MALLOC(xp, struct umap_node *, sizeof(struct umap_node), - M_TEMP, M_WAITOK); vp->v_type = lowervp->v_type; xp->umap_vnode = vp; vp->v_data = xp; diff --git a/sys/msdosfs/msdosfs_denode.c b/sys/msdosfs/msdosfs_denode.c index 2f86783c9a3e..bec376ca54c6 100644 --- a/sys/msdosfs/msdosfs_denode.c +++ b/sys/msdosfs/msdosfs_denode.c @@ -1,4 +1,4 @@ -/* $Id: msdosfs_denode.c,v 1.15 1995/12/07 12:47:19 davidg Exp $ */ +/* $Id: msdosfs_denode.c,v 1.16 1996/01/19 03:58:42 dyson Exp $ */ /* $NetBSD: msdosfs_denode.c,v 1.9 1994/08/21 18:44:00 ws Exp $ */ /*- @@ -225,6 +225,12 @@ deget(pmp, dirclust, diroffset, direntptr, depp) return 0; } + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(ldep, struct denode *, sizeof(struct denode), M_MSDOSFSNODE, M_WAITOK); /* * Directory entry was not in cache, have to create a vnode and @@ -233,10 +239,10 @@ deget(pmp, dirclust, diroffset, direntptr, depp) /* getnewvnode() does a VREF() on the vnode */ error = getnewvnode(VT_MSDOSFS, mntp, msdosfs_vnodeop_p, &nvp); if (error) { - *depp = 0; + *depp = NULL; + FREE(ldep, M_MSDOSFSNODE); return error; } - MALLOC(ldep, struct denode *, sizeof(struct denode), M_MSDOSFSNODE, M_WAITOK); bzero((caddr_t)ldep, sizeof *ldep); nvp->v_data = ldep; ldep->de_vnode = nvp; diff --git a/sys/nfs/nfs_node.c b/sys/nfs/nfs_node.c index f7cd396fc62c..be3155ca6477 100644 --- a/sys/nfs/nfs_node.c +++ b/sys/nfs/nfs_node.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)nfs_node.c 8.2 (Berkeley) 12/30/93 - * $Id: nfs_node.c,v 1.11 1995/07/22 03:32:18 davidg Exp $ + * $Id: nfs_node.c,v 1.12 1995/10/29 15:32:50 phk Exp $ */ #include <sys/param.h> @@ -138,6 +138,13 @@ loop: goto loop; } nfs_node_hash_lock = 1; + + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); error = getnewvnode(VT_NFS, mntp, nfsv2_vnodeop_p, &nvp); if (error) { @@ -145,10 +152,10 @@ loop: wakeup(&nfs_node_hash_lock); nfs_node_hash_lock = 0; *npp = 0; + FREE(np, M_NFSNODE); return (error); } vp = nvp; - MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); bzero((caddr_t)np, sizeof *np); vp->v_data = np; np->n_vnode = vp; diff --git a/sys/nfsclient/nfs_node.c b/sys/nfsclient/nfs_node.c index f7cd396fc62c..be3155ca6477 100644 --- a/sys/nfsclient/nfs_node.c +++ b/sys/nfsclient/nfs_node.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)nfs_node.c 8.2 (Berkeley) 12/30/93 - * $Id: nfs_node.c,v 1.11 1995/07/22 03:32:18 davidg Exp $ + * $Id: nfs_node.c,v 1.12 1995/10/29 15:32:50 phk Exp $ */ #include <sys/param.h> @@ -138,6 +138,13 @@ loop: goto loop; } nfs_node_hash_lock = 1; + + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); error = getnewvnode(VT_NFS, mntp, nfsv2_vnodeop_p, &nvp); if (error) { @@ -145,10 +152,10 @@ loop: wakeup(&nfs_node_hash_lock); nfs_node_hash_lock = 0; *npp = 0; + FREE(np, M_NFSNODE); return (error); } vp = nvp; - MALLOC(np, struct nfsnode *, sizeof *np, M_NFSNODE, M_WAITOK); bzero((caddr_t)np, sizeof *np); vp->v_data = np; np->n_vnode = vp; diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 44ae0d69341b..200b0065d8f2 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ffs_vfsops.c 8.8 (Berkeley) 4/18/94 - * $Id: ffs_vfsops.c,v 1.37 1996/03/02 03:45:12 dyson Exp $ + * $Id: ffs_vfsops.c,v 1.38 1996/03/02 22:18:34 dyson Exp $ */ #include "opt_quota.h" @@ -866,6 +866,16 @@ restart: } ffs_inode_hash_lock = 1; + /* + * If this MALLOC() is performed after the getnewvnode() + * it might block, leaving a vnode with a NULL v_data to be + * found by ffs_sync() if a sync happens to fire right then, + * which will cause a panic because ffs_sync() blindly + * dereferences vp->v_data (as well it should). + */ + type = ump->um_devvp->v_tag == VT_MFS ? M_MFSNODE : M_FFSNODE; /* XXX */ + MALLOC(ip, struct inode *, sizeof(struct inode), type, M_WAITOK); + /* Allocate a new vnode/inode. */ error = getnewvnode(VT_UFS, mp, ffs_vnodeop_p, &vp); if (error) { @@ -873,10 +883,9 @@ restart: wakeup(&ffs_inode_hash_lock); ffs_inode_hash_lock = 0; *vpp = NULL; + FREE(ip, type); return (error); } - type = ump->um_devvp->v_tag == VT_MFS ? M_MFSNODE : M_FFSNODE; /* XXX */ - MALLOC(ip, struct inode *, sizeof(struct inode), type, M_WAITOK); bzero((caddr_t)ip, sizeof(struct inode)); vp->v_data = ip; ip->i_vnode = vp; diff --git a/sys/ufs/lfs/lfs_alloc.c b/sys/ufs/lfs/lfs_alloc.c index 8d4e04418c31..43b99f7fc892 100644 --- a/sys/ufs/lfs/lfs_alloc.c +++ b/sys/ufs/lfs/lfs_alloc.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)lfs_alloc.c 8.4 (Berkeley) 1/4/94 - * $Id: lfs_alloc.c,v 1.9 1995/12/07 12:47:55 davidg Exp $ + * $Id: lfs_alloc.c,v 1.10 1996/01/05 18:31:51 wollman Exp $ */ #include "opt_quota.h" @@ -166,9 +166,17 @@ lfs_vcreate(mp, ino, vpp) struct ufsmount *ump; int error, i; + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(ip, struct inode *, sizeof(struct inode), M_LFSNODE, M_WAITOK); + /* Create the vnode. */ if (error = getnewvnode(VT_LFS, mp, lfs_vnodeop_p, vpp)) { *vpp = NULL; + FREE(ip, M_LFSNODE); return (error); } @@ -176,7 +184,6 @@ lfs_vcreate(mp, ino, vpp) ump = VFSTOUFS(mp); /* Initialize the inode. */ - MALLOC(ip, struct inode *, sizeof(struct inode), M_LFSNODE, M_WAITOK); (*vpp)->v_data = ip; ip->i_vnode = *vpp; ip->i_devvp = ump->um_devvp; diff --git a/sys/ufs/mfs/mfs_vfsops.c b/sys/ufs/mfs/mfs_vfsops.c index 39a1822616b2..628c6b30185a 100644 --- a/sys/ufs/mfs/mfs_vfsops.c +++ b/sys/ufs/mfs/mfs_vfsops.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)mfs_vfsops.c 8.4 (Berkeley) 4/16/94 - * $Id: mfs_vfsops.c,v 1.20 1995/12/17 21:09:59 phk Exp $ + * $Id: mfs_vfsops.c,v 1.21 1996/04/08 07:54:49 phk Exp $ */ #include <sys/param.h> @@ -288,7 +288,7 @@ mfs_mount(mp, path, data, ndp, p) /* * FS specific handling */ - mfsp = malloc(sizeof *mfsp, M_MFSNODE, M_WAITOK); + MALLOC(mfsp, struct mfsnode *, sizeof *mfsp, M_MFSNODE, M_WAITOK); rootvp->v_data = mfsp; rootvp->v_op = mfs_vnodeop_p; rootvp->v_tag = VT_MFS; @@ -305,7 +305,7 @@ mfs_mount(mp, path, data, ndp, p) if( (err = ffs_mountfs(rootvp, mp, p)) != 0 ) { /* fs specific cleanup (if any)*/ rootvp->v_data = NULL; - free(mfsp, M_MFSNODE); + FREE(mfsp, M_MFSNODE); goto error_1; } @@ -368,13 +368,21 @@ mfs_mount(mp, path, data, ndp, p) /* XXX MFS does not support name updating*/ goto success; } + /* + * Do the MALLOC before the getnewvnode since doing so afterward + * might cause a bogus v_data pointer to get dereferenced + * elsewhere if MALLOC should block. + */ + MALLOC(mfsp, struct mfsnode *, sizeof *mfsp, M_MFSNODE, M_WAITOK); + err = getnewvnode(VT_MFS, (struct mount *)0, mfs_vnodeop_p, &devvp); - if (err) + if (err) { + FREE(mfsp, M_MFSNODE); goto error_1; + } devvp->v_type = VBLK; if (checkalias(devvp, makedev(255, mfs_minor++), (struct mount *)0)) panic("mfs_mount: dup dev"); - mfsp = (struct mfsnode *)malloc(sizeof *mfsp, M_MFSNODE, M_WAITOK); devvp->v_data = mfsp; mfsp->mfs_baseoff = args.base; mfsp->mfs_size = args.size; |