FSYNC_com_VolOff was releasing its lightweight ref before the error handling
code for VGetVolumeByVp_r was executed; this code needs to dereference the
Volume pointer for some of its logic. This was unsafe since
VCancelReservation_r() could have resulted in the Volume object being freed.
Move VCancelReservation_r() below the error handling block. NB: the error
handling block now relies upon the goto done/deny to cancel its lightweight
ref.
Reviewed-on: http://gerrit.openafs.org/2968
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit
a91da7a7b91ce0c4584092cd666eca89d39b8abf)
Change-Id: Ie84351628fd112aa1724180a08dba10f0903a016
Reviewed-on: http://gerrit.openafs.org/3103
/* convert to heavyweight ref */
nvp = VGetVolumeByVp_r(&error, vp);
- VCancelReservation_r(rvp);
- rvp = NULL;
-
if (!nvp) {
/*
* It's possible for VGetVolumeByVp_r to have dropped and
vp = nvp;
}
+ /* kill off lightweight ref to ensure we can't deadlock against ourselves later... */
+ VCancelReservation_r(rvp);
+ rvp = NULL;
+
/* register the volume operation metadata with the volume */
VRegisterVolOp_r(vp, &info);
projects / packages / o / openafs.git / commitdiff