Message ID | 153312644299.23453.6879704964860340038.stgit@warthog.procyon.org.uk |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] rxrpc: Fix user call ID check in rxrpc_service_prealloc_one | expand |
From: David Howells <dhowells@redhat.com> Date: Wed, 01 Aug 2018 13:27:23 +0100 > From: YueHaibing <yuehaibing@huawei.com> > > There just check the user call ID isn't already in use, hence should > compare user_call_ID with xcall->user_call_ID, which is current > node's user_call_ID. > > Fixes: 540b1c48c37a ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg") > Suggested-by: David Howells <dhowells@redhat.com> > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > Signed-off-by: David Howells <dhowells@redhat.com> Applied and queued up for -stable.
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a9a9be5519b9..9d1e298b784c 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -116,9 +116,9 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx, while (*pp) { parent = *pp; xcall = rb_entry(parent, struct rxrpc_call, sock_node); - if (user_call_ID < call->user_call_ID) + if (user_call_ID < xcall->user_call_ID) pp = &(*pp)->rb_left; - else if (user_call_ID > call->user_call_ID) + else if (user_call_ID > xcall->user_call_ID) pp = &(*pp)->rb_right; else goto id_in_use;