STABLE14-rx-do-not-race-current-packet-20090105

LICENSE MIT

Throughout rx_rdwr.c functions allocate a register variable 'cp'
which is used to optimize access to call->currentPacket.
Unfortunately, if the call->lock is dropped (for example, CV_WAIT)
the synchronization between the two is lost.  This delta re-syncs
'cp' and call->currentPacket after each location where the call->lock
may be dropped.

(cherry picked from commit 423ab97eee35f57beeb481cac2159d28dea20577)

diff --git a/src/rx/rx_rdwr.c b/src/rx/rx_rdwr.c
index a3542e6..c91d8be 100644 (file)
--- a/src/rx/rx_rdwr.c
+++ b/src/rx/rx_rdwr.c
@@ -231,6 +231,8 @@ MTUXXX  doesn't there need to be an "else" here ???
                    osi_rxSleep(&call->rq);
 #endif
                }
+                /* cp is no longer valid since we may have given up the lock */
+                cp = call->currentPacket;
 
                call->startWait = 0;
 #ifdef RX_ENABLE_LOCKS
@@ -1056,7 +1058,7 @@ rx_WritevAlloc(struct rx_call *call, struct iovec *iov, int *nio, int maxio,
 int
 rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 {
-    struct rx_packet *cp = call->currentPacket;
+    struct rx_packet *cp = NULL;
     int nextio;
     int requestCount;
     struct rx_queue tmpq;
@@ -1079,6 +1081,8 @@ rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 #endif /* RX_ENABLE_LOCKS */
     }
 #endif /* AFS_GLOBAL_RXLOCK_KERNEL */
+    /* cp is no longer valid since we may have given up the lock */
+    cp = call->currentPacket;
 
     if (call->error) {
        if (cp) {
@@ -1177,6 +1181,8 @@ rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 #endif
        call->startWait = 0;
     }
+    /* cp is no longer valid since we may have given up the lock */
+    cp = call->currentPacket;
 
     if (call->error) {
        if (cp) {
@@ -1208,7 +1214,7 @@ rx_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes)
 void
 rxi_FlushWrite(register struct rx_call *call)
 {
-    register struct rx_packet *cp = call->currentPacket;
+    register struct rx_packet *cp = NULL;
 
     /* Free any packets from the last call to ReadvProc/WritevProc */
     if (queue_IsNotEmpty(&call->iovq)) {
@@ -1248,6 +1254,9 @@ rxi_FlushWrite(register struct rx_call *call)
        }
 #endif /* AFS_GLOBAL_RXLOCK_KERNEL */
 
+        /* cp is no longer valid since we may have given up the lock */
+        cp = call->currentPacket;
+
        if (cp) {
            /* cp->length is only supposed to be the user's data */
            /* cp->length was already set to (then-current)