From badfd710f7ae960a7b2e88b2cb80a2ef2aff4c8e Mon Sep 17 00:00:00 2001
From: Tom Keiser <tkeiser@sinenomine.net>
Date: Wed, 13 Oct 2010 01:10:09 -0400
Subject: [PATCH] don't release Volume lightweight ref too early

FSYNC_com_VolOff was releasing its lightweight ref before the error handling
code for VGetVolumeByVp_r was executed; this code needs to dereference the
Volume pointer for some of its logic.  This was unsafe since
VCancelReservation_r() could have resulted in the Volume object being freed.
Move VCancelReservation_r() below the error handling block.  NB: the error
handling block now relies upon the goto done/deny to cancel its lightweight
ref.

Reviewed-on: http://gerrit.openafs.org/2968
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit a91da7a7b91ce0c4584092cd666eca89d39b8abf)
Change-Id: Ie84351628fd112aa1724180a08dba10f0903a016
Reviewed-on: http://gerrit.openafs.org/3103
---
 src/vol/fssync-server.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/vol/fssync-server.c b/src/vol/fssync-server.c
index c9d6b1c69..62dd7523a 100644
--- a/src/vol/fssync-server.c
+++ b/src/vol/fssync-server.c
@@ -969,9 +969,6 @@ FSYNC_com_VolOff(FSSYNC_VolOp_command * vcom, SYNC_response * res)
 
 	/* convert to heavyweight ref */
 	nvp = VGetVolumeByVp_r(&error, vp);
-	VCancelReservation_r(rvp);
-	rvp = NULL;
-
 	if (!nvp) {
             /*
              * It's possible for VGetVolumeByVp_r to have dropped and
@@ -1007,6 +1004,10 @@ FSYNC_com_VolOff(FSSYNC_VolOp_command * vcom, SYNC_response * res)
 	    vp = nvp;
 	}
 
+	/* kill off lightweight ref to ensure we can't deadlock against ourselves later... */
+	VCancelReservation_r(rvp);
+	rvp = NULL;
+
 	/* register the volume operation metadata with the volume */
 	VRegisterVolOp_r(vp, &info);
 
-- 
2.39.5