From 32ad50bcee9a5b087bea7e0c9c1cfe3d1e58293e Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 26 Mar 2012 11:10:36 -0400 Subject: [PATCH] Windows: AFSInvalidateObject can overwrite input param AFSInvalidateObject() must not be called with an AFSObjectInformationCB pointer variable that it is not safe to overwrite as the function sets the input value to NULL if the invalidation is going to be performed asynchronously in a worker thread. In AFSEnumerateDirectory(), the following call took place: AFSInvalidateObject( &pDirNode->ObjectInformation, AFS_INVALIDATE_DATA_VERSION); which requires a worker thread to process. As a result, the ObjectInformation pointer was being set to NULL which detached the AFSObjectInformationCB from the AFSDirectoryCB. That in turn produced an exception in AFSLocateName() which resulted in a resource not being freed that in turn produced a deadlock. Change-Id: Id30e84cf96b69156d648e3b452e7e03390559c43 Reviewed-on: http://gerrit.openafs.org/6962 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Tested-by: Jeffrey Altman --- .../afsrdr/kernel/lib/AFSCommSupport.cpp | 24 +++++++++++++++++-- src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp | 16 ++++++++----- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/src/WINNT/afsrdr/kernel/lib/AFSCommSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSCommSupport.cpp index 1f684d0b5..9afcdf9e6 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSCommSupport.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSCommSupport.cpp 
@@ -303,8 +303,19 @@ AFSEnumerateDirectory( IN GUID *AuthGroup, if( pDirNode->ObjectInformation->DataVersion.QuadPart != pCurrentDirEntry->DataVersion.QuadPart) { - AFSInvalidateObject( &pDirNode->ObjectInformation, -+ AFS_INVALIDATE_DATA_VERSION); + LONG lCount; + AFSObjectInfoCB *pObjectInfo = pDirNode->ObjectInformation; + + lCount = InterlockedIncrement( &pObjectInfo->ObjectReferenceCount); + + AFSInvalidateObject( &pObjectInfo, + AFS_INVALIDATE_DATA_VERSION); + + if( pObjectInfo != NULL) + { + + lCount = InterlockedDecrement( &pObjectInfo->ObjectReferenceCount); + } } else { @@ -748,6 +759,7 @@ AFSVerifyDirectoryContent( IN AFSObjectInfoCB *ObjectInfoCB, AFSObjectInfoCB *pObjectInfo = NULL; ULONGLONG ullIndex = 0; UNICODE_STRING uniGUID; + LONG lCount; __Enter { @@ -1058,8 +1070,16 @@ AFSVerifyDirectoryContent( IN AFSObjectInfoCB *ObjectInfoCB, if( pObjectInfo->DataVersion.QuadPart != pCurrentDirEntry->DataVersion.QuadPart) { + lCount = InterlockedIncrement( &pObjectInfo->ObjectReferenceCount); + AFSInvalidateObject( &pObjectInfo, AFS_INVALIDATE_DATA_VERSION); + + if( pObjectInfo != NULL) + { + + lCount = InterlockedDecrement( &pObjectInfo->ObjectReferenceCount); + } } else { diff --git a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp index fbdfa3104..80a1b4c4c 100644 --- a/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp +++ b/src/WINNT/afsrdr/kernel/lib/AFSGeneric.cpp 
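Review bot: In the AFSEnumerateDirectory hunk the reference taken with `InterlockedIncrement` is released only when `pObjectInfo` is still non-NULL after `AFSInvalidateObject()`, so the NULL case silently depends on the worker thread dropping that reference, and nothing at the call site says so. I would add a comment above the `if( pObjectInfo != NULL)` test such as `// NULL here means the invalidation was queued and the worker now owns our reference`, assuming that is what AFSInvalidateObject() guarantees (its body is not part of this patch). The same comment is missing in the AFSVerifyDirectoryContent hunk at -1058 and at the `if ( pCurrentObject)` guard in AFSInvalidateVolume in AFSGeneric.cpp. `lCount` is also write-only at both new call sites in this file; either drop the assignment or trace it under AFS_SUBSYSTEM_OBJECT_REF_COUNTING the way AFSInvalidateVolume does, so reference leaks on this path can be audited.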
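Review bot: Unlike the AFSEnumerateDirectory change, the call in the -1058 hunk passes the function-scope `pObjectInfo` itself, so after an asynchronous invalidation that variable is NULL for whatever follows in AFSVerifyDirectoryContent. The rest of the loop body lies outside the hunk, so I cannot tell whether `pObjectInfo` is dereferenced again before it is reassigned; if it is, that would be a NULL dereference in kernel mode. Passing a block-local copy, `AFSObjectInfoCB *pInvalidate = pObjectInfo;` followed by `AFSInvalidateObject( &pInvalidate, AFS_INVALIDATE_DATA_VERSION);`, and testing and decrementing through that copy would leave `pObjectInfo` intact, matching the pattern used in the first hunk.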
@@ -2481,13 +2481,17 @@ AFSInvalidateVolume( IN AFSVolumeCB *VolumeCB, AFSInvalidateObject( &pCurrentObject, Reason); - lCount = InterlockedDecrement( &pCurrentObject->ObjectReferenceCount); + if ( pCurrentObject) + { - AFSDbgLogMsg( AFS_SUBSYSTEM_OBJECT_REF_COUNTING, - AFS_TRACE_LEVEL_VERBOSE, - "AFSInvalidateVolumeObjects Decrement count on object %08lX Cnt %d\n", - pCurrentObject, - lCount); + lCount = InterlockedDecrement( &pCurrentObject->ObjectReferenceCount); + + AFSDbgLogMsg( AFS_SUBSYSTEM_OBJECT_REF_COUNTING, + AFS_TRACE_LEVEL_VERBOSE, + "AFSInvalidateVolumeObjects Decrement count on object %08lX Cnt %d\n", + pCurrentObject, + lCount); + } } // -- 2.39.5
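Review bot: The re-indented trace call still formats `pCurrentObject` with `%08lX`, a conversion for a 32-bit long, so on a 64-bit build the logged address is truncated or mismatched against the pointer-sized argument. If AFSDbgLogMsg follows printf conventions (not visible here), `"AFSInvalidateVolumeObjects Decrement count on object %p Cnt %d\n"` would be the matching form. With the new `if ( pCurrentObject)` guard the queued path also emits no reference-count trace at all, which leaves a gap when auditing ObjectReferenceCount; a one-line trace in an `else` branch would close it. The enclosing loop of AFSInvalidateVolume starts and ends outside the hunk, so any later use of `pCurrentObject` in that iteration should be checked against the NULL case as well.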