Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

rxrpc: Call state should be read with READ_ONCE() under some circumstances

The call state may be changed at any time by the data-ready routine in
response to received packets, so if the call state is to be read and acted
upon several times in a function, READ_ONCE() must be used unless the call
state lock is held.

As it happens, we used READ_ONCE() to read the state a few lines above the
unmarked read in rxrpc_input_data(), so use that value rather than
re-reading it.

Fixes: a158bdd3247b ("rxrpc: Fix call timeouts")
Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/r/161046715522.2450566.488819910256264150.stgit@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Authored by Baptiste Lepers and committed by Jakub Kicinski
a95d25dd d52e419a

+1 -1
net/rxrpc/input.c
··· 430 430 return; 431 431 } 432 432 433 - if (call->state == RXRPC_CALL_SERVER_RECV_REQUEST) { 433 + if (state == RXRPC_CALL_SERVER_RECV_REQUEST) { 434 434 unsigned long timo = READ_ONCE(call->next_req_timo); 435 435 unsigned long now, expect_req_by; 436 436
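Review bot: At the changed test `if (state == RXRPC_CALL_SERVER_RECV_REQUEST)`, the assignment of `state` lies outside the visible context, so a reader of this hunk cannot tell that it is the READ_ONCE() snapshot the commit message refers to, while the very next line reads `call->next_req_timo` with an explicit READ_ONCE(). A one-line comment at this test saying that `state` is the snapshot taken earlier in the function, and that the call state can change concurrently unless the call state lock is held, would record the rule in the code rather than only in the commit message. It is also worth confirming that no path between the snapshot and this branch depends on seeing a newer state, since the timeout update here now acts on the earlier value by design.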