From 54c0ee608f4afd2b178c9b60eabfc3564293d996 Mon Sep 17 00:00:00 2001
From: Andrew Deason <adeason@sinenomine.net>
Date: Sun, 14 Sep 2014 14:10:11 -0500
Subject: [PATCH 1/1] afs: Fix some afs_conn overcounts

The usual pattern of using afs_Conn looks like this:

  do {
      tc = afs_Conn(...);
      if (tc) {
          code = /* ... */
      } else {
          code = -1;
      }
  } while (afs_Analyze(...));

The afs_Analyze call, amongst other things, puts back the reference to
the connection obtained from afs_Conn. If anything inside the do/while
block exits that block without calling afs_Analyze or afs_PutConn, we
will leak a reference to the conn.

A few places currently do this, by jumping out of the loop with
'goto's. Specifically, in afs_dcache.c and afs_bypasscache.c. These
locations currently leak references to our connection object (and to
the underlying Rx connection object), which can cause problems over
time. Specifically, this can cause a panic when the refcount overflows
and becomes negative, causing a panic message that looks like:

  afs_PutConn: refcount imbalance 0xd34db33f -32768

To avoid this, make sure we afs_PutConn in these cases where we 'goto'
out of the afs_Conn/afs_Analyze loop. Perhaps ideally we should cause
afs_Analyze itself to be called in these situations, but for now just
fix the problem with the least amount of impact possible.

FIXES 131885

Change-Id: I3a52f8ccef24f01d04c02db0a4b711405360e323
Reviewed-on: http://gerrit.openafs.org/11464
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/afs/afs_bypasscache.c | 1 +
 src/afs/afs_dcache.c      | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/afs/afs_bypasscache.c b/src/afs/afs_bypasscache.c
index f452638..4c6fb9a 100644
--- a/src/afs/afs_bypasscache.c
+++ b/src/afs/afs_bypasscache.c
@@ -621,6 +621,7 @@ afs_PrefetchNoCache(struct vcache *avc,
 	    } else {
 		afs_warn("BYPASS: StartRXAFS_FetchData failed: %d\n", code);
 		unlock_and_release_pages(auio);
+		afs_PutConn(tc, rxconn, SHARED_LOCK);
 		goto done;
 	    }
 	    if (code == 0) {
diff --git a/src/afs/afs_dcache.c b/src/afs/afs_dcache.c
index 4a9edbd..338e8db 100644
--- a/src/afs/afs_dcache.c
+++ b/src/afs/afs_dcache.c
@@ -2398,6 +2398,13 @@ afs_GetDCache(struct vcache *avc, afs_size_t abyte,
 			afs_PutDCache(tdc);
 			tdc = 0;
 			ReleaseReadLock(&avc->lock);
+
+			if (tc) {
+			    /* If we have a connection, we must put it back,
+			     * since afs_Analyze will not be called here. */
+			    afs_PutConn(tc, rxconn, SHARED_LOCK);
+			}
+
 			slowPass = 1;
 			goto RetryGetDCache;
 		    }
-- 
1.9.4