From 8085bc4d476a2e77b26454929cdfa1d034c754f7 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 27 Apr 2005 16:32:22 +0000 Subject: [PATCH] windows-callback-race-20050427 cm_EndCallbackGrantingCall contained a race condition due to the release of the cm_callbackLock in the middle of the for() loop. The race was removed by optimizing out the call to cm_CallbackNotifyChange(). There is no reason this needed to be called once per callback revoke in the list. --- src/WINNT/afsd/cm_callback.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/src/WINNT/afsd/cm_callback.c b/src/WINNT/afsd/cm_callback.c index 37771db858..e57269724b 100644 --- a/src/WINNT/afsd/cm_callback.c +++ b/src/WINNT/afsd/cm_callback.c @@ -1499,6 +1499,7 @@ void cm_EndCallbackGrantingCall(cm_scache_t *scp, cm_callbackRequest_t *cbrp, cm_racingRevokes_t *nrevp; /* where we'll be next */ int freeFlag; cm_server_t * serverp = 0; + int discardScp = 0; lock_ObtainWrite(&cm_callbackLock); if (flags & CM_CALLBACK_MAINTAINCOUNT) { @@ -1561,16 +1562,7 @@ void cm_EndCallbackGrantingCall(cm_scache_t *scp, cm_callbackRequest_t *cbrp, scp, cbrp->callbackCount, revp->callbackCount, cm_callbackCount); - cm_DiscardSCache(scp); - /* - * Since we don't have a callback to preserve, it's - * OK to drop the lock and re-obtain it. - */ - lock_ReleaseMutex(&scp->mx); - lock_ReleaseWrite(&cm_callbackLock); - cm_CallbackNotifyChange(scp); - lock_ObtainMutex(&scp->mx); - lock_ObtainWrite(&cm_callbackLock); + discardScp = 1; } if (freeFlag) free(revp); @@ -1582,6 +1574,13 @@ void cm_EndCallbackGrantingCall(cm_scache_t *scp, cm_callbackRequest_t *cbrp, lock_ReleaseWrite(&cm_callbackLock); + if ( discardScp ) { + cm_DiscardSCache(scp); + lock_ReleaseMutex(&scp->mx); + cm_CallbackNotifyChange(scp); + lock_ObtainMutex(&scp->mx); + } + if ( serverp ) { lock_ObtainWrite(&cm_serverLock); cm_FreeServer(serverp);
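Review bot: The new `discardScp = 1;` in the second hunk has no comment, and the block it replaces held the only explanation of why the locks could be dropped at this point. A short comment such as `/* defer the discard and notify until cm_callbackLock has been released */` would tell a reader why the matching branch no longer acts immediately and why the loop keeps running. The for() loop and the matching condition begin outside the hunk.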
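Review bot: In the third hunk `cm_DiscardSCache(scp)` now runs after `lock_ReleaseWrite(&cm_callbackLock)`, whereas the removed code called it with that lock still held. If any reader of the entry's callback state relies on cm_callbackLock rather than scp->mx (not visible here), there is a short window in which a revoked callback still looks valid and cached data could be trusted past the revoke. Setting the flag and keeping `if (!discardScp) cm_DiscardSCache(scp);` inside the loop, with only the notify deferred, would preserve the original ordering. The block also assumes the caller holds scp->mx on entry and that scp is non-NULL whenever the flag is set; both depend on code outside the hunk. A comment such as `/* caller holds scp->mx; it is dropped only around the notify, so callers must re-validate scp state on return */` would record that contract.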