Moved the fsnode MALLOC to before the call to getnewvnode() so that the

process won't possibly block before filling in the fsnode pointer (v_data)
which might be dereferenced during a sync since the vnode is put on the
mnt_vnodelist by getnewvnode.

Pointed out by Matt Day <mday@artisoft.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/sys/ufs/lfs/lfs_alloc.c b/sys/ufs/lfs/lfs_alloc.c
index 8d4e044..43b99f7 100644
--- a/sys/ufs/lfs/lfs_alloc.c
+++ b/sys/ufs/lfs/lfs_alloc.c
@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)lfs_alloc.c	8.4 (Berkeley) 1/4/94
- * $Id: lfs_alloc.c,v 1.9 1995/12/07 12:47:55 davidg Exp $
+ * $Id: lfs_alloc.c,v 1.10 1996/01/05 18:31:51 wollman Exp $
  */
 
 #include "opt_quota.h"
@@ -166,9 +166,17 @@ lfs_vcreate(mp, ino, vpp)
 	struct ufsmount *ump;
 	int error, i;
 
+	/*
+	 * Do the MALLOC before the getnewvnode since doing so afterward
+	 * might cause a bogus v_data pointer to get dereferenced
+	 * elsewhere if MALLOC should block.
+	 */
+	MALLOC(ip, struct inode *, sizeof(struct inode), M_LFSNODE, M_WAITOK);
+
 	/* Create the vnode. */
 	if (error = getnewvnode(VT_LFS, mp, lfs_vnodeop_p, vpp)) {
 		*vpp = NULL;
+		FREE(ip, M_LFSNODE);
 		return (error);
 	}
 
@@ -176,7 +184,6 @@ lfs_vcreate(mp, ino, vpp)
 	ump = VFSTOUFS(mp);
 
 	/* Initialize the inode. */
-	MALLOC(ip, struct inode *, sizeof(struct inode), M_LFSNODE, M_WAITOK);
 	(*vpp)->v_data = ip;
 	ip->i_vnode = *vpp;
 	ip->i_devvp = ump->um_devvp;