From 2ef57a3ee951660cb69d8656e9293c93b28e0d1e Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Sat, 31 Dec 2011 16:07:00 -0500
Subject: [PATCH] Windows: avoid race during Fcb cleanup

The worker thread can race with a AFSCleanup() operation and tear down the Fcb before the AFSCleanup() drops the Fcb->NPFcb->Resource. Avoid this race by requiring the worker thread to obtain the resource once before deleting the resource.

Change-Id: Iafad8260c5dfc4187a62c04b14d55ac0bf0e4aeb
Reviewed-on: http://gerrit.openafs.org/6462
Reviewed-by: Jeffrey Altman
Tested-by: Jeffrey Altman
---
 src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp b/src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp
index b975ac211..b39ade756 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSWorker.cpp
@@ -1429,6 +1429,18 @@ AFSPrimaryVolumeWorkerThread( IN PVOID Context)
 if( pCurrentObject->Fcb != NULL)
 {
+ //
+ // Acquire and drop the Fcb resource to synchronize
+ // with a potentially active AFSCleanup() which sets
+ // the OpenReferenceCount to zero while holding the
+ // resource.
+ //
+
+ AFSAcquireExcl( &pCurrentObject->Fcb->NPFcb->Resource,
+ TRUE);
+
+ AFSReleaseResource( &pCurrentObject->Fcb->NPFcb->Resource);
+
 AFSCleanupFcb( pCurrentObject->Fcb,
 TRUE);
--
2.39.5
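Review bot: The acquire/release pair added ahead of `AFSCleanupFcb()` only waits out an `AFSCleanup()` that already holds `Fcb->NPFcb->Resource`; once `AFSReleaseResource()` returns, nothing visible in this hunk stops another thread from taking the resource or touching the Fcb again before `AFSCleanupFcb( pCurrentObject->Fcb, TRUE)` tears it down. If a lock taken earlier in `AFSPrimaryVolumeWorkerThread` (the function starts and ends outside the hunk) is what rules out new references, the comment should say so, e.g. `// No new opens can reach this Fcb here because <lock held by this thread> is owned.`. `pCurrentObject->Fcb` is also re-read for the acquire, the release and the cleanup call, so reading it once into a local right after the NULL check would guarantee that all three act on the same object. If the `TRUE` argument to `AFSAcquireExcl()` means a blocking wait, it is also worth confirming that `AFSCleanup()` never waits on a lock this worker already owns while it holds the Fcb resource, otherwise the barrier trades the use-after-free window for a possible deadlock.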