The usual pattern of using afs_Conn looks like this:
do {
tc = afs_Conn(...);
if (tc) {
code = /* ... */
} else {
code = -1;
}
} while (afs_Analyze(...));
The afs_Analyze call, amongst other things, puts back the reference to
the connection obtained from afs_Conn. If anything inside the do/while
block exits that block without calling afs_Analyze or afs_PutConn, we
will leak a reference to the conn.
A few places currently do this, by jumping out of the loop with
'goto's. Specifically, in afs_dcache.c and afs_bypasscache.c. These
locations currently leak references to our connection object (and to
the underlying Rx connection object), which can cause problems over
time. Specifically, this can cause a panic when the refcount overflows
and becomes negative, causing a panic message that looks like:
afs_PutConn: refcount imbalance 0xd34db33f -32768
To avoid this, make sure we afs_PutConn in these cases where we 'goto'
out of the afs_Conn/afs_Analyze loop. Perhaps ideally we should cause
afs_Analyze itself to be called in these situations, but for now just
fix the problem with the least amount of impact possible.
FIXES 131885
Change-Id: I3a52f8ccef24f01d04c02db0a4b711405360e323
Reviewed-on: http://gerrit.openafs.org/11464
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
} else {
afs_warn("BYPASS: StartRXAFS_FetchData failed: %d\n", code);
unlock_and_release_pages(auio);
+ afs_PutConn(tc, rxconn, SHARED_LOCK);
goto done;
}
if (code == 0) {
afs_PutDCache(tdc);
tdc = 0;
ReleaseReadLock(&avc->lock);
+
+ if (tc) {
+ /* If we have a connection, we must put it back,
+ * since afs_Analyze will not be called here. */
+ afs_PutConn(tc, rxconn, SHARED_LOCK);
+ }
+
slowPass = 1;
goto RetryGetDCache;
}