From a1792756a0e3eca506e508af02e074c5f31042d9 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@debian.org>
Date: Thu, 12 Feb 2009 11:06:08 -0800
Subject: [PATCH] Apply upstream
 STABLE14-rx-do-not-race-current-packet-20090105

---
 debian/changelog |  2 ++
 src/rx/rx_rdwr.c | 15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3014bb8be..196b58fad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,6 +19,8 @@ openafs (1.4.8.dfsg1-1) UNRELEASED; urgency=low
       not ignore other ping packets.
     - STABLE14-rx-rdwr-writeproc-race-20081228: fix rx race condition that
       could result in reuse of freed memory.
+    - STABLE14-rx-do-not-race-current-packet-20090105: fix rx race
+      condition.
   * Make dynroot the default for new installations.  It works much better
     with systems that don't bring up their network until late in the boot
     process, such as wireless laptops.  (LP: #249240, #318605)
diff --git a/src/rx/rx_rdwr.c b/src/rx/rx_rdwr.c
index c574deddd..0c88bb205 100644
--- a/src/rx/rx_rdwr.c
+++ b/src/rx/rx_rdwr.c
@@ -15,7 +15,7 @@
 #endif
 
 RCSID
-    ("$Header: /cvs/openafs/src/rx/rx_rdwr.c,v 1.21.2.12 2008/12/28 21:08:13 jaltman Exp $");
+    ("$Header: /cvs/openafs/src/rx/rx_rdwr.c,v 1.21.2.13 2009/01/05 23:17:48 jaltman Exp $");
 
 #ifdef KERNEL
 #ifndef UKERNEL
@@ -231,6 +231,8 @@ MTUXXX  doesn't there need to be an "else" here ???
 		    osi_rxSleep(&call->rq);
 #endif
 		}
+                /* cp is no longer valid since we may have given up the lock */
+                cp = call->currentPacket;
 
 		call->startWait = 0;
 #ifdef RX_ENABLE_LOCKS
@@ -1056,7 +1058,7 @@ rx_WritevAlloc(struct rx_call *call, struct iovec *iov, int *nio, int maxio,
 int
 rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 {
-    struct rx_packet *cp = call->currentPacket;
+    struct rx_packet *cp = NULL;
     int nextio;
     int requestCount;
     struct rx_queue tmpq;
@@ -1079,6 +1081,8 @@ rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 #endif /* RX_ENABLE_LOCKS */
     }
 #endif /* AFS_GLOBAL_RXLOCK_KERNEL */
+    /* cp is no longer valid since we may have given up the lock */
+    cp = call->currentPacket;
 
     if (call->error) {
 	if (cp) {
@@ -1177,6 +1181,8 @@ rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 #endif
 	call->startWait = 0;
     }
+    /* cp is no longer valid since we may have given up the lock */
+    cp = call->currentPacket;
 
     if (call->error) {
 	if (cp) {
@@ -1208,7 +1214,7 @@ rx_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 void
 rxi_FlushWrite(register struct rx_call *call)
 {
-    register struct rx_packet *cp = call->currentPacket;
+    register struct rx_packet *cp = NULL;
 
     /* Free any packets from the last call to ReadvProc/WritevProc */
     if (queue_IsNotEmpty(&call->iovq)) {
@@ -1248,6 +1254,9 @@ rxi_FlushWrite(register struct rx_call *call)
 	}
 #endif /* AFS_GLOBAL_RXLOCK_KERNEL */
 
+        /* cp is no longer valid since we may have given up the lock */
+        cp = call->currentPacket;
+
 	if (cp) {
 	    /* cp->length is only supposed to be the user's data */
 	    /* cp->length was already set to (then-current) 
-- 
2.39.5