Windows: Defer deref of a directoryEntry
authorRod Widdowson <rdw@steadingsoftware.com>
Sat, 22 Oct 2011 14:00:03 +0000 (15:00 +0100)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 25 Oct 2011 01:07:09 +0000 (18:07 -0700)
During the handling of SL_OPEN_TARGET opens (usually associated
with a rename) a directory entry was dereferenced prior to its
contents being used (to set up a secondary information field).

This change just holds on to the reference until after that processing.

Change-Id: I26dbd4bfb6595863109e549893f2367f71ad6404
Reviewed-on: http://gerrit.openafs.org/5651
Tested-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>

src/WINNT/afsrdr/kernel/lib/AFSCreate.cpp

index 6d479f1..ce90ce5 100644 (file)
@@ -577,20 +577,11 @@ AFSCommonCreate( IN PDEVICE_OBJECT DeviceObject,
                               NULL,
                               pParentDirectoryCB->OpenReferenceCount);
 
-                InterlockedDecrement( &pDirectoryCB->OpenReferenceCount);
-
-                AFSDbgLogMsg( AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING,
-                              AFS_TRACE_LEVEL_VERBOSE,
-                              "AFSCreate Decrement2 count on %wZ DE %p Ccb %p Cnt %d\n",
-                              &pDirectoryCB->NameInformation.FileName,
-                              pDirectoryCB,
-                              NULL,
-                              pDirectoryCB->OpenReferenceCount);
-
                 //
-                // The name array also contains a reference to the pDirectoryCB so we need to remove it
-                // Note that this could decrement the count to zero allowing it to be deleted, hence
-                // don't access the pointer contents beyond here.
+                // Do NOT decrement the reference count on the pDirectoryCB yet.
+                // The BackupEntry below might drop the count to zero leaving
+                // the entry subject to being deleted and we need some of the
+                // contents during later processing
                 //
 
                 AFSBackupEntry( pNameArray);
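Review bot: The replacement comment above AFSBackupEntry says the decrement is postponed but not where the reference is finally released, so a reader of this branch cannot tell who still owns the count. Consider adding a closing line such as `// The reference is released once the open call that follows has completed.` The code between AFSBackupEntry and the deferred release lies outside this hunk; if any early exit exists there, it would also have to drop the reference or the count on the entry would leak.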
@@ -613,6 +604,21 @@ AFSCommonCreate( IN PDEVICE_OBJECT DeviceObject,
                                                &uniComponentName,
                                                &pFcb,
                                                &pCcb);
+            if( pDirectoryCB != NULL)
+            {
+                //
+                // It is now safe to drop the Reference Count
+                //
+                InterlockedDecrement( &pDirectoryCB->OpenReferenceCount);
+
+                AFSDbgLogMsg( AFS_SUBSYSTEM_DIRENTRY_REF_COUNTING,
+                              AFS_TRACE_LEVEL_VERBOSE,
+                              "AFSCreate Decrement2 count on %wZ DE %p Ccb %p Cnt %d\n",
+                              &pDirectoryCB->NameInformation.FileName,
+                              pDirectoryCB,
+                              NULL,
+                              pDirectoryCB->OpenReferenceCount);
+            }
 
             if( !NT_SUCCESS( ntStatus))
             {
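Review bot: The AFSDbgLogMsg call in the added `if( pDirectoryCB != NULL)` block still reads `pDirectoryCB->NameInformation.FileName` and `pDirectoryCB->OpenReferenceCount` after InterlockedDecrement has given up the reference, which is the same access-after-release pattern this commit removes from the earlier code. No lock or other pin on the entry is visible in the hunk, so if none is held, the entry could be torn down between the decrement and the trace call. Consider emitting the trace line before the decrement, or at least logging the returned value instead of re-reading the field, e.g. `lCount = InterlockedDecrement( &pDirectoryCB->OpenReferenceCount);` with `lCount` as the last argument. The block also runs for any non-NULL pDirectoryCB that reaches this point, so it is worth confirming that every such path took the matching reference; the enclosing function extends beyond the hunk.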