From eb7ad3002d1e518f941d031a685f777f9aed4c36 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 11 May 2006 13:37:05 +0000
Subject: [PATCH] STABLE14-windows-smb-vcp-cleanup-races-20060511 Only allow one thread to mark the vcp dead (cherry picked from commit f6833e96f961de1c1d402646c87681f27bf926e9)
---
 src/WINNT/afsd/smb.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index b78b570e3..4340f3239 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -2514,12 +2514,20 @@ void smb_SendPacket(smb_vc_t *vcp, smb_packet_t *inp)
 vcp, vcp->usersp);
 lock_ObtainMutex(&vcp->mx);
- vcp->flags |= SMB_VCFLAG_ALREADYDEAD;
- lock_ReleaseMutex(&vcp->mx);
- lock_ObtainWrite(&smb_globalLock);
- dead_sessions[vcp->session] = TRUE;
- lock_ReleaseWrite(&smb_globalLock);
- smb_CleanupDeadVC(vcp);
+ if (!(vcp->flags & SMB_VCFLAG_ALREADYDEAD)) {
+ osi_Log2(smb_logp, "marking dead vcp 0x%x, user struct 0x%x",
+ vcp, vcp->usersp);
+ vcp->flags |= SMB_VCFLAG_ALREADYDEAD;
+ lock_ReleaseMutex(&vcp->mx);
+ lock_ObtainWrite(&smb_globalLock);
+ dead_sessions[vcp->session] = TRUE;
+ lock_ReleaseWrite(&smb_globalLock);
+ smb_CleanupDeadVC(vcp);
+ smb_ReleaseVC(vcp);
+ vcp = NULL;
+ } else {
+ lock_ReleaseMutex(&vcp->mx);
+ }
 }
 if (localNCB)
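Review bot: The added `smb_ReleaseVC(vcp);` in the not-yet-dead branch drops a reference that nothing in this hunk shows smb_SendPacket taking, and the matching branch added to smb_Listener has no such call. If the caller still owns that reference, the count can be exhausted while the caller goes on using the vc, and `vcp = NULL;` only clears this function's local copy of the pointer. Either drop those two lines or state the ownership directly above them, for example `/* drops the reference taken at <acquire site>; vcp must not be touched below */`. smb_SendPacket begins and ends outside the hunk, so a matching acquire may simply be out of view.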
@@ -8281,9 +8289,18 @@ void smb_Listener(void *parmp)
 smb_FreePacket(outp);
 lock_ObtainMutex(&vcp->mx);
- vcp->flags |= SMB_VCFLAG_ALREADYDEAD;
- lock_ReleaseMutex(&vcp->mx);
- smb_CleanupDeadVC(vcp);
+ if (!(vcp->flags & SMB_VCFLAG_ALREADYDEAD)) {
+ osi_Log2(smb_logp, "marking dead vcp 0x%x, user struct 0x%x",
+ vcp, vcp->usersp);
+ vcp->flags |= SMB_VCFLAG_ALREADYDEAD;
+ lock_ReleaseMutex(&vcp->mx);
+ lock_ObtainWrite(&smb_globalLock);
+ dead_sessions[vcp->session] = TRUE;
+ lock_ReleaseWrite(&smb_globalLock);
+ smb_CleanupDeadVC(vcp);
+ } else {
+ lock_ReleaseMutex(&vcp->mx);
+ }
 } else {
 /* assert that we do not exceed the maximum number of sessions or NCBs.
 * we should probably want to wait for a session to be freed in case
--
2.39.5
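Review bot: The new `if (!(vcp->flags & SMB_VCFLAG_ALREADYDEAD))` block has no comment saying that the test-and-set under `vcp->mx` is what elects the one thread allowed to run smb_CleanupDeadVC(), nor that `vcp->mx` is released before `smb_globalLock` is taken. I would add above the `if`: `/* Test and set ALREADYDEAD under vcp->mx so exactly one thread runs the cleanup; vcp->mx is dropped before smb_globalLock is taken. */`. Without it, a later edit can move the flag write outside the mutex or nest the two locks, and either change would reopen the double-cleanup window this commit closes. The same comment is missing from the identical sequence in the smb_SendPacket hunk; smb_Listener itself extends beyond this hunk on both sides.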