From: Baptiste Lepers <[email protected]>
[ Upstream commit a95d25dd7b94a5ba18246da09b4218f132fed60e ]
The call state may be changed at any time by the data-ready routine in
response to received packets, so if the call state is to be read and acted
upon several times in a function, READ_ONCE() must be used unless the call
state lock is held.
As it happens, we used READ_ONCE() to read the state a few lines above the
unmarked read in rxrpc_input_data(), so use that value rather than
re-reading it.
Fixes: a158bdd3247b ("rxrpc: Fix call timeouts")
Signed-off-by: Baptiste Lepers <[email protected]>
Signed-off-by: David Howells <[email protected]>
Link:
https://lore.kernel.org/r/161046715522.2450566.488819910256264150.st...@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/rxrpc/input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -431,7 +431,7 @@ static void rxrpc_input_data(struct rxrp
return;
}
- if (call->state == RXRPC_CALL_SERVER_RECV_REQUEST) {
+ if (state == RXRPC_CALL_SERVER_RECV_REQUEST) {
unsigned long timo = READ_ONCE(call->next_req_timo);
unsigned long now, expect_req_by;
