summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBaptiste Lepers <baptiste.lepers@gmail.com>2021-01-12 15:59:15 +0000
committerJakub Kicinski <kuba@kernel.org>2021-01-13 10:38:20 -0800
commita95d25dd7b94a5ba18246da09b4218f132fed60e (patch)
tree9e862148394de9b2ada9c57ca025b93160dd3a89
parentd52e419ac8b50c8bef41b398ed13528e75d7ad48 (diff)
rxrpc: Call state should be read with READ_ONCE() under some circumstances
The call state may be changed at any time by the data-ready routine in response to received packets, so if the call state is to be read and acted upon several times in a function, READ_ONCE() must be used unless the call state lock is held. As it happens, we used READ_ONCE() to read the state a few lines above the unmarked read in rxrpc_input_data(), so use that value rather than re-reading it. Fixes: a158bdd3247b ("rxrpc: Fix call timeouts") Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Link: https://lore.kernel.org/r/161046715522.2450566.488819910256264150.stgit@warthog.procyon.org.uk Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--net/rxrpc/input.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 667c44aa5a63..dc201363f2c4 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -430,7 +430,7 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
return;
}
- if (call->state == RXRPC_CALL_SERVER_RECV_REQUEST) {
+ if (state == RXRPC_CALL_SERVER_RECV_REQUEST) {
unsigned long timo = READ_ONCE(call->next_req_timo);
unsigned long now, expect_req_by;