Commit 6b676c4b authored Jan 12, 2021 by Baptiste Lepers Committed by Greg Kroah-Hartman Jan 23, 2021

rxrpc: Call state should be read with READ_ONCE() under some circumstances



[ Upstream commit a95d25dd7b94a5ba18246da09b4218f132fed60e ]

The call state may be changed at any time by the data-ready routine in
response to received packets, so if the call state is to be read and acted
upon several times in a function, READ_ONCE() must be used unless the call
state lock is held.

As it happens, we used READ_ONCE() to read the state a few lines above the
unmarked read in rxrpc_input_data(), so use that value rather than
re-reading it.

Fixes: a158bdd3 ("rxrpc: Fix call timeouts")
Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/161046715522.2450566.488819910256264150.stgit@warthog.procyon.org.uk


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 5fd803e1

net/rxrpc/input.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -446,7 +446,7 @@ static void rxrpc_input_data(struct rxrpc_call call, struct sk_buff skb,
		if (state >= RXRPC_CALL_COMPLETE)
		return;

		if (call->state == RXRPC_CALL_SERVER_RECV_REQUEST) {
		if (state == RXRPC_CALL_SERVER_RECV_REQUEST) {
		unsigned long timo = READ_ONCE(call->next_req_timo);
		unsigned long now, expect_req_by;